Caution: articles are written for technical, not grammatical, accuracy. If poor grammar offends you, proceed with caution ;-)
Many of you may have noticed over the last few weeks that Dailyhypervisor has had some ongoing issues. It all started around the same time my 2 year old son went into the hospital. I had gotten a message from a friend letting me know that Google had flagged dailyhypervisor.com as a malware site. Sure enough it had been flagged, and malware was indeed present. With no time to properly resolve the issue I did the only thing I could do to prevent anyone coming to my site from being impacted by the malware: I took the site down.
For me it was a quick temporary fix until I could find the time and focus to get it back up and fixed. Of course it wasn't until 11 days later, when my son was finally released from the hospital, that I got to fixing the site. My fix was to perform a complete restore from a known good backup. Luckily I subscribe to a cloud based backup solution that takes nightly backups, and I was able to determine the best point in time to restore the site to. However, I knew this wasn't going to be the only step I needed to take.
After the restore was completed I then needed to try and figure out how they got in and lock it down to prevent further incidents. After hours spent reviewing the security I already had in place (file permissions, firewall rules) and updating all components of the site, I got to a point where I felt I had done all the things I needed to and everything should be OK. Well, I recently found out that was not the case. These leeches of the internet, who exploit any site they can with vulnerabilities in order to turn it into a petri dish for spreading malware and other malicious code, once again gained access to dailyhypervisor.
After doing yet another restore and an exhaustive review of the site again, I decided to dig deeper into the plugins I was using on the site. I believe the download manager plugin to be the culprit, but I also discovered other plugins I was running that don't seem to have been maintained in a long time. I ended up removing all the plugins that I felt were insecure, outdated and posed a security risk to the site and my readers. With the removal of my download manager I will have to go through the entire site and update all the download links to point them to the external sources where our downloads are located. In the meantime, if you need to download any of the packages we have shared you can find them on GitHub or VMware Sample Exchange.
I would however like to take this time to apologize to all of my readers for the ignorance of these hackers who hide behind their keyboards in the darkness and prey on those of us trying to be productive and helpful. The craziest part is that in the last year my blog has probably been the most secure it has been since I started it in 2009, and I've never had these issues before. The good news is they have not hacked or gotten access to the database, just the file system of the site.
I would like to ask all of you: if you see something, please say something. Please send me a tweet at @vmmeup if you notice anything off. I have upped my game a little; I now have a solution that monitors all my files and notifies me of any changes, but this isn't bulletproof and I can't watch it every minute of every day, so if you notice anything strange with the site moving forward please let me know. Thank you all for your patience while I resolved this issue, and for being loyal readers.