How a Muppets fan website thwarted hacking attempts

Joe Hennes, owner and editor-in-chief of Muppets fan website ToughPigs, says stray code on the backend of his website led to repeated cyberattack attempts over the years.

Close up of Kermit the Frog on a computer screen with an overlayed lock icon.

Illustration: Morning Brew Design, Photos: Jemal Countess/Getty Images, Adobe Stock

It’s all fun and games until your Muppets fandom website is targeted by repeated cyberattacks (wocka wocka!).

Joe Hennes, the Muppet fanatic who owns and edits ToughPigs, a fan blog devoted to Jim Henson’s beloved puppets, has spent years grappling with determined hackers. He first knew something was wrong when the website wouldn’t load properly: Instead of words and images devoted to Kermit the Frog and friends, he was staring at a single line of text…in Russian.

“It was like, obviously Bad News Bears,” Hennes said.

Hennes, who was unable to pinpoint when the hacking attempts first started, said the hacking problem was fueled by the website’s antiquated nature (ToughPigs was created in 2001). The hardest part about the whole ordeal was that, although Hennes had learned a thing or two about HTML and the difference between secure and insecure plugins over the years, he said none of the volunteers and co-owners who help run ToughPigs were true “tech people.”

“None of us know anything about how to actually run or design a website,” Hennes said. “We can write blog posts, we can create images and podcasts, but as far as the guts of the website? Completely in the dark.”

But wait, there’s more! Things got worse for ToughPigs. The website would go down, according to Hennes, only to be replaced with pages entirely unrelated to Muppets and ToughPigs content.

“This time, it’s not just a line of text,” Hennes said. “It’s a foreign gambling site, or for a while, it was a website that sold knitting supplies.”

Tim Nash, a WordPress security consultant and managing director at cybersecurity firm Tempered, doesn’t have any relation to ToughPigs, but suspects a couple of things could have caused this nightmare for Hennes. ToughPigs visitors encountering a faux website, he said, could have been the result of a traffic scam, where unscrupulous techniques are used to drive more visitors to an (often unsuspecting) client’s website.

“So, they take over your Muppet site and go, ‘Okay, well, the knitting website needs some traffic today because they’ve paid us $10 for 1,000 visitors. Redirect people from the Muppets site directly to the traffic site,’” Nash said. The wonky ToughPigs homepage could have also been a side effect of an SEO scam or a DDoS attack against another website, he added.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Hennes also began to notice weird activities going on with ToughPigs behind the scenes.

“We were seeing security plugins being disabled and new plugins that were maybe a little more nefarious being installed,” Hennes said. “We were seeing new admin users on WordPress being added that were not members of our team, and we were seeing the worst slowdowns of our website.”

Why would anyone hack a Muppets website? After working with three techs and taking ToughPigs offline for two weeks, Hennes discovered the culprit behind the reoccurring mischief was stray code on the site’s backend.

“It allowed bots to start coming in,” Hennes said, adding that the bots were able to parse information from the website to extract admin usernames and commit other nefarious acts such as removing two-factor authentication.

“Part of me is like, ‘Well, I guess it’s not personal. That’s nice,’” Hennes said. He joked that he wished a malicious actor targeted ToughPigs because they saw some value in it, instead of it being an impersonal automated attack. The Muppet connoisseur said he believes all of ToughPigs’ attacks were performed by bots, but wouldn’t be surprised to hear a human was in the mix initially.

Such automated attacks are the norm for WordPress websites, according to Nash.

“That’s the really horrible thing,” Nash said. “When you have someone sitting there going, ‘My livelihood’s being destroyed,’ and you have to tell them that the person who’s doing it doesn’t even know who you are.”

Lessons learned. In true Muppets fashion, Hennes said there are lessons to be learned from his lengthy tango with his site’s issues. He suggested small businesses and website owners spend time educating themselves on how to navigate the server and backend of their sites.

Meanwhile, Nash has some simple advice: WordPress owners should strive to keep their sites as updated as possible. “That means keeping your WordPress site up to date, that means keeping the plugins up to date, and it means keeping the theme up to date.”
