A little over a week ago, I encountered the perfect storm of nuisances. That Friday morning, I was having the bathtub reglazed, meaning noxious fumes would force me out of my home office for several hours. Living in Santa Monica, I wanted to view this as an unexpected bonus day off, but my work was simply piled too high to completely ignore.
After a couple hours at a local coffee shop, I drove the Mothership (my 1969 Pontiac Catalina) up the coast to a dog-friendly beach in Ventura County. It was one of those calm California afternoons. The heat wave had eased up, and the surf was flat as glass.
Then, my phone started ringing. I still had enough projects pending that I was forced to be one of those idiots who couldn’t just enjoy the beach in peace. Instead, I end up on my phone yakking away and ruining nature with work best left for the office.
“Dude, what’s up with your site?” a PR friend of mine called to ask.
“Nothing that I know of,” I said, and as the words left my mouth I started to fear the worst.
Yep, Startup50 had been hacked, redirecting mobile users – only mobile users – to a porn site. As I cleared my mobile browser and checked again, my dogs found a pile of seaweed and dead starfish to roll in.
It was just going to be one of those days.
When the fumes from the reglazing had finally dispersed, I dug into some serious research. I found, oddly enough, that the porn site wasn’t to blame; rather, someone in their affiliate referral network was trying to hijack traffic via a malware that inserted itself into sites through advertising networks.
The problem here was that some of the ad networks only verified that an initial ad was safe, but failed to approve revisions. That’s where the attackers found their way in, exploiting a WordPress vulnerability.
Sucuri’s website has a good overview of this attack, if you’re interested in the details.
On my site, the damage was limited, other than a few annoyed followers. I pulled the site down for a few days, cleaned it up, reconfigured some security settings, turned off all ad networks for the time being, and now we’re back.
To everyone who reached out during the outage, I appreciate all of your advice and good wishes. To my entire audience, I’d like to apologize for this headache. We’ve recovered, our defenses our stronger, and Startup50 is back in action!
To the attackers who compromised the site, enjoy your Dante-esque journey to one of the inner rings of hell. You’ll be there soon enough.
In the meantime, I’m taking this opportunity to make some structural and business model changes to this site. You’ll see more in the coming days. . .
