Site Security: An Example (Nightmare) of Why You Shouldn’t Ignore It

Editor’s note: While I am glad to have May More on the blog today, I hate that it’s to share her own personal sex blog nightmare. Not all (very few, actually) hosting or security companies have our best interests at heart, and without enough information or knowledge, site owners receive little help or unnecessarily spend hundreds of dollars. Learn from May’s experience and remember that it can happen to any of us.

concept of website security for sex bloggers

I started my blog – Sex Matters – in 2016 but only wrote a handful of posts between then and mid 2017. I was tentative and also recovering from a leg injury.

The first time my site became infected.

When my site was about ten months old I received an email from my hosts informing me that a routine scan had discovered a couple of infected files in my database. Their advice: Take out a plan with SiteLock.

Here is excerpt from the email…

During a routine scan, the security team at (my hosts) discovered infected files in your “ifsexmatterscouk” account… You can view a list of the infected files in the stats directory of your account… Please make sure to check any file backup(s) you have for a clean copy of the infected files. If you have clean copies, you can upload those. If not get the infected files cleaned or removed… However, If you don’t feel comfortable removing the infected files yourself, or would like to talk to a security expert, we recommend that you contact our preferred partner, SiteLock.

Shortly after another email arrived warning me that my site would be taken offline if I didn’t act.

I am not rich but often I have time.

Time on my hands

I used my time to look into what had happened and unearthed a mountain of online information, from other bloggers, that SiteLock were not worth the money. Many alleged the company lied about the corrupted files or perhaps even infected the database with malware themselves. Then touted for your custom. Nothing more than an online protection racket. Now I was more determined than ever to sort the problem myself.

  • Checking the scan, I was able to pinpoint that only two files had been tampered with.
  • Looking at backups and information from valid sources online, I could tell which lines of code were bad and deleted them.

I have worn many hats in my life, one of them as an analyst programmer. I contacted my hosts and asked them to re-scan. They did and all was fine.

Sex Matters continued on its merry way.

The second corruption

I got the site an SSL certificate and last year opened a sub-domain for other projects I wanted to be involved with under the name of May More. Unfortunately I couldn’t afford a certificate for the second site.

About four months ago I once again received an email almost identical to the one above. It appeared now my sub domain had been targeted. I checked the scan report and saw that Sex Matters was perfectly clean. Then I did something stupid. I ignored the email. I was busy and wanted to write, not check code. And anyway I thought – it is only my second site – I will fix it when I have a bit of time.

But I didn’t. However, being as my main site -Sex Matters- is precious to me, I downloaded the Wordfence plugin for security and ran a high sensitivity scan. This confirmed the scan report from my hosts and indicated that even though the projects site had numerous infected files Sex Matters was completely OK – phew. I knew I should deal with the issues as the problem had got larger so… I put it off until tomorrow.

Tomorrow never came.

Both sites taken offline

The next thing I knew – at the beginning of May 2019 – both my sites were offline. When I attempted to sign into my admin, a screen said there were serious malware problems with the site ,and I needed to contact my hosts urgently. Others who tried to view my site as readers saw a tamer screen –

screenshot of May More website down

But, as mentioned above, I had two different scans showing Sex Matters was clear. So why was it offline?

I immediately panicked. Having put up a sponsored post earlier that day I didn’t want to appear unprofessional. I started to sweat and tried to get through to my hosts but could not even sign-in to them.

Finally I managed to open an online chat…

  • Without typing a thing I was put directly through to SiteLock. The first question they asked was my site name. Still only concerned with Sex Matters I didn’t even mention my projects site. But they did. “Is there another site you care about?” – were their actual words. Then I understood, somehow they already knew why I was there and which site had issues. I told them my projects site name. They replied,“We can clear that up for you,” and started naming prices.
  • I explained that I would not be paying them to do anything and said I wished to be put through to my hosts. But instead they cut me off.
  • Eventually I managed to sign into my hosts site, started a chat and asked why Sex Matters was down. They claimed that even though my main site did not contain any malware (so a third clarification), because my sub domain did, they could not let Sex Matters online either.
  • Knowing there were too many bad files for me to deal with myself, impetuously, I told them to delete the sub domain. Due to the malware I would need to go into my database and do that myself. Of course if I was unsure, Sitelock would sort the whole thing out for me.
  • More than once I mentioned that was I paying them to be my hosts on the assumption that they would help me to solve this kind of problem. This fell on deaf ears. I ended the chat.
  • Once in my database, I deleted the projects site completely. I attempted to copy a backup file but my computer is old without extra space, so in my haste I gave up on that.
  • Back online to my hosts, I told them what I had done and that I wanted Sex Matters up and accessible ASAP. They explained they would need to scan first. It didn’t take long before they came back and said a file in Sex Matters was corrupt also! How could that be? Only an hour before I had three separate assurances that it was OK. Smelling fishy.
  • I was fuming. Nearly in tears. It appeared this was some kind of “inside job,” because I had refused to take out a SiteLock plan. I checked the scan they had just done for the corrupted file name. Finding out on the internet what the code should look like, I hurriedly deleted the added bit. It did feel like a stab in the dark, and I do not recommend you try this unless you know exactly what you are doing, but at that point I was almost past caring.
  • Luckily I did it right. They scanned again and all was fine. Sex Matters was clean and up and running.

Who is this Security company?

Then I began to investigate who SiteLock are…

Cleaning Up

  • I needed to go through all the dead-links on Sex Matters. The links to my projects site. I used the Broken link checker.
  • Occasionally when I came across a link that didn’t exist, the plugin would offer me one from the online archive library. This is a valuable resource and I suggest you take a look at it.  It’s helped me gain access to many posts I thought were lost.
  • Missy also discovered that she was still able to see some of my posts from the WordPress reader and copied out the narrative for me. This is something to consider if you have lost any work.

My advice is

  • Make sure you are familiar with your site’s database.
  • Have a good security plugin like Wordfence as well as something that backs up your site (Editor snote: UpDraft is a good one to use — h/t to DomSigns for that tip)
  • Keep all themes and plugins updated as outdated scripts can cause a problem too.
  • If you get an email similar to the one above, do not ignore it.

Editor note: When in doubt, hire someone who understands these things and can help you. Michael Knight (aka DomSigns) is the person I recommend. Whoever you hire, they should be knowledgable and easy to work with.

May More

You can find me at my blog Sex Matters or on Twitter @may_matters. My writing is inherently personal, with posts describing my own sexual ventures into bondage, illustrated by real-life erotic photographs. I started writing fiction just over a year ago and am really enjoying using my deviant imagination to create erotic tales. Occasionally I pen some more earnest articles when I feel a topic is worth discussing.

12 Responses

  1. May More says:

    Thanks Kayla – I too would recommend Michael – he has helped me on more than one occasion. And I am sure would have here if I had asked x

  2. This was a great post for its informative nature, for its content it made me feel hot and panicky! (as I am sure the events did to you). I can confirm how helpful and approachable DomSigns is – he was endlessly helpful when I went self hosted.
    I am so glad you have not let these events silence your fabulous blog. Thank goodness you had expertise on your side and determination. Well done for coming out of this horror story so well.

  3. missy says:

    This is such a valuable article and I think it is everyone’s worst fear. I don’t think I would have been able to work our what you did but am glad I was able to help with a tiny amount of the retrieval. Fingers crossed many read this and can avoid the same thing happening. 😊

  4. Julie says:

    Wow May, I had no idea you had been through this whole saga! Glad everything is sorted and Missy and Michael were able to help. I concur that DomSigns is the man to call when in doubt. In fact he has told me to call him first when ANTTHING goes wrong. But then I did once delete my entire site accidentally, while in a pub!

  5. Raven Lee says:

    This is actually frightening and I can’t help but think somehow bordering on illegal? I’ll definitely be checking up on our security asap today. Thankyou Kayla and to May for sharing your story.

  6. Mischa Eliot says:

    Regarding posts, I highly recommend signing up with an email address and just archiving those emails when you receive them. That way, you have the text, you know where links went to, and you know what images were used. XoXo

    I’m so glad you got everything sorted out. I’d also highly recommend finding a new host. If I win the lottery (hahaha) I’m creating an adult-only sex-positive server farm dammit.

  7. Such a terrible ordeal to go through. That feeling of total and utter despair when you realize there is something wrong with your site is something I don’t even wish on my enemies. Glad you got it sorted, and thank you for this post, as I think this is also the kind of information we should share with each other.

    Rebel xox

  8. Cousin Pons says:

    This reads like a nightmarish thriller May. I am in awe of your abilities. Us lesser mortals, well me really, would just slump to the floor and sob. My abilities really stretch not much further than switching the computer on and off. I am sure what your have written so lucidly will be a help and comfort to those who find themselves in a similar situation.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: