Firefox 3 security warning and work-around

If you’ve recently upgraded to Firefox 3, this site has a nice new feature for you.  Whenever you attempt to navigate the site, it tells you I’m trying to do nasty things to your computer.  Let me reassure you: that is not the case.  Give me a moment to explain, and I’ll tell you how to make viewing my site tolerable.

Last week, I returned from vacation only to find that my blog had been hacked and was trying to run malicious scripts on unsuspecting visitors.  Had the hackers been somewhat smarter, they might have tried to do so without totally crashing the site, so that I didn’t have a clue anything was going on.  Unfortunately for them, I had a clue.

To clean things up, I backed up my WordPress database (which contains all the posts, comments, etc.) and wiped my website clean.  Everything was deleted.  I then re-installed the latest version of WordPress (I had been running an older version, which is why it was hacked) and all of my plugins and themes.  It took about 15 minutes once I realized what I needed to do, and it wasn’t particularly difficult.

Now I have plugins that let me automatically upgrade WordPress when the new version is out.  Previously, that had been a harrowing process because of all the data I could possibly corrupt, but it should be relatively painless in the future.  That will make things safer around here for all of us.  WordPress isn’t inherently insecure; actually, the developers patch vulnerabilities fairly quickly.  The trick is to just keep up with them, and I should be able to do so from now on.

So what does this have to do with the warning you’re getting on Firefox 3 (or Google’s search results)?  The nice folks at Google, Mozilla, and StopBadware.org work together to protect you from yourself while browsing, and they currently think I’m trying to harm you (or, more accurately, that someone else is trying to harm you by using me).  That’s not the case now, but they haven’t reflected that yet.  I have submitted my site for review, so eventually they should catch up.  For now though, if you’re using Firefox, you’re still getting that warning, and it’s probably preventing you from logging in to post a comment.

I wouldn’t normally advocate bypassing computer security features, especially when they’re based on the reliable sources I mentioned above.  But, I have to be able to log in to post things, and hopefully you want to as well.  If you want to post a comment using Firefox 3, I suggest going to Tools > Options, and on the Security tab, un-check “Tell me if the site I’m visiting is a suspected attack site.”  You can re-check it after you’re done visiting the site, and I will keep track of my status in the site review process so you don’t have to do this indefinitely.  If you don’t want to do that, I’ll understand.  Another option is to subscribe to the site feed and read in your favorite feed reader, but you’ll miss any stats I post.

Anyhow, I appreciate you reading the site, and I just want to let you know I’m working to fix it.

UPDATE 6/20/08: Google’s search results page no longer displays a warning about my site, but Firefox 3 is still blocking it.  Stay tuned.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s