Well, hello there! Can you spot the difference?
This is just a little update, really.
Unless you’ve been living under a rock, or you’re not actually a blogger yourself, there’s been A LOT of stuff cracking off in the blogosphere lately.
I’m no expert on these things, so I’ll link to a few people who actually know what they’re talking about below, but suffice to say – the past few days have been extraordinarily nerve-wracking for all bloggers who had themes coded by Pipdig.
(We’re talking into the thousands here.)
Incidentally, if you’re a blogger who’s not sure what to do next, I’ve also popped some links to fantastic advice from some very lovely, helpful people at the bottom of this post.
The past few days have been unbelievably stressful while we’ve grappled with all of the allegations and revelations that’ve been coming out thick and fast, along with considering the implications that they have for our blogs.
The allegations against Pipdig include:
- Using our blogs to attack rival web designers with DDoS attacks,
- Installing a drop tables function which basically acts as a ‘kill switch’ that could enable him to delete our entire blogs remotely without our permission(!),
- Installing ‘backdoor’ code, which would potentially enable him to gain admin access and change our passwords; effectively giving him the power to lock us out of our own blogs,
- Slowing our blogs down if we’re with certain rival hosting providers, so that we’d blame those hosts and then (presumably) consider migrating to the Pipdig hosting service instead,
- Changing content in our blog posts – Pipdig installed code which automatically changed our links and redirected them to the Pipdig site if we mentioned certain rival services,
- Disabling certain plugins, or specific functions of them, without our permission,
- Holding information about us (email addresses etc.) without our consent – therefore probably breaking GDPR law,
- And deleting some of the iffy code once these allegations started to come out (presumably) in an attempt to cover things up.
These problems were initially only thought to affect WordPress Pipdig themes through the Pipdig Power Pack (P3) Plugin, but it later transpired that malicious code was also written into Pipdig Blogger templates, so they were also partaking in DDoS attacks on competitors. (His host has thankfully stepped in and removed that code now.)
Pipdig, of course, denies these allegations, but the web developer community on Twitter has been finding evidence of these allegations, plus monitoring the code and noting changes throughout the past week. They’re also the stars that found the nefarious bits in the first place, and frankly, I think we owe them a lot of gratitude!
It’s all been a bit stressful…
…I’ve spent the past five evenings tethered to my desk until the wee small hours, pulling my hair out, mainly. There’s been a hell of a lot of onerous work involved with this. From backing up my whole blog in two different places, to deleting said nefarious plugin, to scouring for a decent yet (relatively) affordable theme to switch to, and then customising said theme so that it looks semi-decent – just to keep things ticking over for the time being.
(I’m not even going to go into how peeved I am that I’m nearly £350 out of pocket as a consequence – £281 to the old (potentially discredited) designer that I’ll probably never get back, along with nearly fifty quid to another for this new design.)
It’s all left me, and many other bloggers, completely frazzled – not to mention out of pocket, jaded and worried about what the future may hold. I’ve personally barely slept or eaten while all this has been cracking off… Which is probably why I’m making little sense and rambling even more than usual. Sorry.
On the plus side, Katie Writes isn’t part of a humongous network of blogs allegedly attacking the websites of rival web designers anymore, and it should be running much faster too, as a consequence!
So, if you could please bear with me while I continue editing surplus shortcode out of old posts, and re-format a whopping 398 posts to fit this new design – I’d really appreciate it! Things might look really different, and there are still going to be formatting issues if you’re reading older posts – but rest assured – I’m working on it!
Want to know more about these issues with Pipdig?
Here are some links, from people who actually know what they’re talking about, that’ll definitely explain all of this better than I can:
- Peculiar PHP Present In Popular Pipdig Power Pack (P3) Plugin // Wordfence blog (Somebody’s as much of a fan of alliteration as me, aren’t they?)
- Pipdig Update: Dishonest Denials, Erased Evidence, and Ongoing Offenses // Wordfence blog update
- Security alert: pipdig insecure, DDoSing competitors // Jemjabella
- Pipdig: Your Questions Answered // Another update from Jemjabella
- THE PIPDIG DRAMA: What You Need To Know, Is Your Site At Risk And What To Do Next… // The Bloglancer
- The curious case of a WordPress plugin, a rival site spammed with traffic, a war of words, and legal threats // The Register
- Pipdig Updates P3 Plugin after Reports Expose Vendor Backdoors, Built-in Kill Switch, and Malicious DDoS Code // WP Tavern
Are you affected by these issues with Pipdig and don’t know what to do next?
- This thread from the wonderfully helpful Zoe Corkhill (Mama Geek) on Twitter explains everything and gives steps on how to change themes for both Blogger & WordPress. (Find it here.)
- This incredibly comprehensive blog post from XOMisse helpfully takes you through all of the steps you need to take too!
- If you’re a Pipdig Host customer, here’s a reassuring statement from Kualo on what’s going to happen next.
Oh, and though I doubt they’d be reading this – I would love to thank all of the developers who’ve been in detective mode digging out all of the offending code and alerting us all to how dangerous the situation was. We wouldn’t have known anything about it without them – we’d likely still be running blogs that had dodgy code in them, which doesn’t bear thinking about.
I can’t stress how personally grateful I am to them all, because they’ve done a stellar job at uncovering a whole heap of controversy and potentially illegal activity, and kindly assisting tons of confused bloggers, all while having to deal with a few ‘big names’ accusing them of making it all up to discredit Pipdig and claiming this is all a big conspiracy – no, really 🙄 – and they haven’t even been paid for all their hard work. You’re incredible. Thank you!
What do you think of the blue, by the way? Should it stay or should we go back to pink?