So, about the time I was feeling smug about my sleuthing as reported in my previous blog entry, I realized with alarm that the site had gotten away from me. The virus or malware, whatever it was, regenerated itself in my WordPress site despite my efforts to remove it. Somehow, somewhere, my password had been compromised or a sinister plugin had hatched a backdoor. The only cure was to take down the site entirely.

With trepidation, I used one of the tools I found in the WordPress interface to back up the data. It created a file with a strange .gz extension. Fearing the loss of months of writing, I also copied and pasted the text of the first half-dozen most recent blog entries. Not hardly enough, I realized later. Dismantling the site was deceptively easy. Just click “deactivate” in the file manager, and POOF! Strange how a couple of folders in the subdirectory refused to be deleted. Hmmm.
Probably for that reason, I had the odd problem of not being able to reinstall the blog in a subdirectory of the same name as the compromised one. I had to give the location of the new install a different name. Not good, for linking integrity. But better a blog with a zillion broken links than a virus-compromised one that’s been driven offline by malware.
Restoring the database was not simple since these instructions were useless to me — I’m gonna type “user@linux” gobbledegook, etc? Yeah, right. I mulled over the daunting technical problem for a few days and finally determined I’d call my hosting service for help after another stab at it. In the meantime, I thought it better not to log in at all on my other WordPress blog. And I did a complete virus scan on my main computer at home and also ran the Windows Malicious Software Removal tool.
I ended up finding the answer in Yahoo web hosting’s help files. I needed to install a “dashboard” in my blog’s MySQL database, which is the bunch of files and tables that the PHP commands in WordPress write to, and after that was accomplished, I could use the .gz backup file to restore my blog.
I still can’t believe I figured it out, or that it actually worked. Then after this unexpected success, I tried again to put the blog back in the preferred blog directory, instead of the renamed one. And that worked too! Almost fell on the floor with relief! A few details still remain to be worked out, such as the dropdown menu, which is quirky/invisible now. However, the virus that was redirecting my site to spammy sites is eviscerated — thank goodness.
Believe me, my passwords have been changed several times and are far longer now. I am also much more skeptical about new WordPress plugins or software/plugin updates of any sort. And I’ve started surfing the Internet with a Firefox plugin called NoScript, which gives a notification about every single piece of JavaScript or Java on a web page so you can allow only those you really want to run. True, it’s a little bit intrusive, but the web is far faster now, and the browser doesn’t hang up like it used to. And I feel more secure.
I just can’t figure out why someone would be so skewed toward their own greedy ends that they’d devise a malicious method to turn other people’s websites into robot drones, feeding traffic to spammy sites that nobody but the most easily deceived will click on, anyway. Horrid selfish evil greedy bent programmy types. More of you warped souls need to follow the Google Code of Conduct: Don’t be evil. God needs to make more people community-minded in this world. Altruism is a sign of higher development. Being deliberately scummy for your own financial ends is just plain wrong. I wrestled my website back from where it had gone over the brink into the dark side. Yayyy, me.