Back Online: SWLing Post Security Update and What’s Next

This past week has been a bit of a rollercoaster behind the scenes. After enjoying about a week free from the Lumma Password malware, it unfortunately managed to reinsert itself—despite all of the security measures we had put in place. As mentioned previously, we believe the original entry point was a compromised user account with a weak password. Following the first cleanup, we forced password resets for all users and had our security team harden the site significantly. Even so, it appears some portion of the malicious code may have remained hidden in the database and was able to reestablish itself.

Out of an abundance of caution, I took the SWLing Post offline again this week so it could be thoroughly inspected and cleaned. I didn’t want to bring the site back online until I was confident the issue had been resolved and the site databases had been checked carefully. It’s been a time-consuming process, but the goal has been to ensure the site is stable and secure before returning to normal operation.

All of that said, this particular malware is known to be especially persistent and difficult to fully eradicate.

If it resurfaces again, I may have no choice but to take the SWLing Post offline for an extended period and rebuild the site from the ground up. This would involve migrating all posts and media to a completely fresh WordPress installation, with a new database, on a new server—essentially starting clean. It’s a time-consuming process and could mean the site is offline for a week or more.

Keep in mind that we have almost 10,000 posts, 47,000 comments, and tens of thousands of media files (graphics, audio files, etc.).

I truly hope it doesn’t come to that, but I want to be transparent about the possibility.

Also, if you happen to encounter a fake Cloudflare verification window like the one shown below—especially one that asks you to open a terminal or paste code—please do not follow those instructions.

This is a screenshot of the FAKE Cloudflare challenge window. We do use Cloudflare and they will ask for verification that “you’re human” sometimes, but they never ask you to input information into the shell/terminal of your computer.

This is malicious behavior. Simply close your browser immediately and let me know. You can reach me at this temporary email address. If you report it, it will help me respond more quickly and keep the site safe for everyone.

Thank you again for your patience, support, and understanding as I work through this. It truly means a lot.

73, Thomas
