Preserved Lemons: Lessons from a Hacker

Spending the better part of a week cleaning up after what my hosting company called a “compromise” in this site’s security, I’ve been less than thrilled about settling down to write.  The “compromise” was a serious hacking of numerous files in Sass & Veracity, as well as a fledgling art portfolio site I gave my son for his high school graduation last summer, and for kellementology, the non-food blog I rarely spend time writing any longer.

The clean-up —  many more than the two files the hosting company found and isolated before they alerted me — involved, among other things, more than 100 HTML files tucked into nooks and crannies like a vine creeping through a garden it doesn’t belong in.  At first, it was like looking for that needle in the haystack we so often hear about.  Part of the difficulty is obvious:  I write.  I cook.  I take photos of what I cook.  I don’t always know exactly what code is supposed to look like — especially code that is written to look similar to the real thing. And then there were the seriously creepy “Silence is Golden” comments sitting in several htaccess files.


I didn’t mind doing any of this work.  Ultimately, I enjoy learning, and without looking at the necessary cleaning up as a huge opportunity to learn, I’d have been lost.  That doesn’t mean it wasn’t eyeball-crossing, slower than molasses in January, horribly tedious work, however.  The worst thing about it was finding out the hack job involved Google searches.  I inadvertently clicked on a spelling of my URL I don’t usually apply excluding the customary spaces between Sass and Veracity.  At first I didn’t notice anything, but after scanning the page realized listings of my content contained a variety of references to prescription drugs.  Looking at them more closely, I opened the “cached” versions and an image of my front page and header appeared with all of my pages, links, and post titles actively sporting links to a site selling those drugs.

Worse?  Some of them had the Stumble Upon button posted next to them which means my site was not only being associated with bottom-dwelling scum-sucking creatures of the planet, it was helping to garner traffic to their sites — all of which I’m sure thrive on other people’s hard work.  Interesting, isn’t it?  Someone hacks a site, then submits it to Stumble Upon and makes sure it’s cycled through on a regular basis.

At first I was disgusted.  Then alarm took over when I saw the extent of the compromise, but finally I was resigned to getting it all taken care of by eliminating the infectious files, contacting Google about the spam pages, calling ANHosting to make sure the files contained what I thought they did (insert fear of deleting the wrong files here), referencing the WordPress codex, following the clean-up advice ANHosting provided, and then just waiting to see if everything was fine.

My waiting has actually been more avoidance than anything else, because the entire experience has left me feeling creepy.  Like someone has been in my house.  I’m a productive avoidance practitioner,  continuing to cook and take photos, but I’ve also done quite a bit of thinking about this business of blogging about food, the amount of time it takes, and how much it has inserted itself into the time I used to have for other interests, like gardening, or writing about something other than food.  Paying attention to world events.  Laundry?  So I’ve been outside behind our house enjoying the early Spring weather where I am slowly giving a face lift to my long neglected patio, and thinking about what context to slot this hacking experience into.  Hint:  one that isn’t about pageviews, bounce rates, SEO, ads, who is following whom or “retweeting” what.

Call me cranky.

In the meantime, I’ll share with you what I’ve learned about how to survive — or better yet — help prevent a hacking if you’re interested, and for good measure, my second or third attempt to preserve lemons, gifted to me by my sister-in-law who has a little tree behind her house.

Preserved Lemons

I first learned of preserved lemons after hosting a dinner where my friends and I all prepared dishes from the Middle East, and one of the recipes I selected required preserved lemons.  It was too late to make them at that point, but I was so interested in finding out what their flavor might add to the dish, I decided to try and make my own.

17 lemons (10 for cutting & 7 for juicing)

sea salt

1 lg. cinnamon stick

2 bay leaves

1/4 tsp. or so whole black peppercorns

2 pinches coriander seeds

a pinch of whole cloves

a lidded jar large enough to hold all of it, with lemons completely submerged

6 weeks of time

a mildly warm, dark place

Pour enough salt into the bottom of the jar to cover it well.  Cut the stem end off the lemons and slice each into quarters without cutting entirely through them. Pull each open carefully and sprinkle the flesh generously with salt.  Put the lemons into the jar as you work, pressing down on them and sprinkling additional salt. Add the spices to the jar as you proceed as well.  When the jar is full, pour lemon juice over to cover.  Press on the lemons again to completely submerge them in the juice.  Allow to sit, turning the jar once a day and checking the progress.  The lemon rind, thoroughly rinsed and with the pulp removed, is ready to use in recipes in 6 weeks.  I’ll keep you posted.


  • I have tried one recipe for preserved lemons that was a complete fail.  The problem seemed to be in not having all the lemons completely submerged even though the recipe I followed did not say to do this.  Sounds like I’m whining, doesn’t it?  Even though my practical cook’s brain told me that food has to be IN the brine or solution it’s being preserved in, I approached the recipe very literally.  Suffice it to say that it provided an interesting moldy experiment in the recesses of my cool, dark laundry room for 2 months and wasted 6 perfectly lovely lemons.
  • Adding juice to the jar of lemons vs. simply pushing on them to extract juice seems to also be a point of contrast in the recipes I’ve looked at.  The juiciness of lemons can vary, so follow your lemons so to speak.  Add juice if necessary after pressing down on the packed jar.
  • I also tried one of the “quickie” preserved lemon recipes — many of which seem to come from Mark Bittman.  I used them in one of his salad recipes and am sad to say they ruined the salad.  So much so that we weren’t able to eat it. Again — great flavor is often achieved because of the process.  When using a quickie recipe, I
  • Most sources mention keeping the jar of lemons in the refrigerator, with some saying it isn’t required.  I went with the one that said otherwise since I’m on an experimentation track.  Maybe the third time really is the charm.
  • I’ve got 4-5 weeks to go before I can try my preserved lemons in a fabulous dish.  I have my eye on quite a few.

Here are a few additional sources for how to preserve lemons:

There are many, many more sources for preserving lemons in relatively similar fashion, but making lemon confit requires sugar.  Here’s Eric Ripert’s recipe as published at Food & Wine if you’re curious about how it might be used differently than Moroccan style preserved lemon.

Notes on Lessons from a Hacker:

  • Keep your WordPress installation, themes, plugins, and widgets updated (I do!).
  • If you have plugins or themes you’ve uploaded in the past, but are not being used, delete them from your files instead of simply deactivating them.  Even if your site is routinely updated, the files for the other things won’t be and you’ll have to sift through them as well to find the hacker’s work. (Ask me how I know.)
  • Your hosting company is your friend, so it’s helpful to be courteous.  They’d love to get rid of anyone who is putting other clients on the same server in jeopardy.  It’s not their responsibility to keep your site clean.  I was thanked for asking specific questions to help solve the problem instead of expecting them to find and fix it.  Think about it this way:  Is it law enforcement’s job to keep your home safe?  No.  I sound cranky, don’t I?

  • Get to know what’s available to you at Google Webmaster Tools.  You can report spam there and/or clear your site if it’s been identified as an attack site (thankfully, mine hasn’t been — or if it has, no one has told me).
  • Make lemonade of the lemons.  Here’s my creative depiction of some of the code I removed from my site.

lemonade out of lemons
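
The sweep that the clean-up and the notes above describe, as an added example that is not the author's or the hosting company's code: it lists HTML files sitting inside the WordPress code directories and comment lines in .htaccess files, then counts hits per plugin or theme so that leftover, deactivated ones show how much they add to the review. The directory names assume a standard WordPress layout, and the sample tree and its file names are constructed.

```python
import os
import tempfile

CODE_DIRS = ("wp-admin", "wp-includes", "wp-content")  # assumption: standard layout
HTML_EXT = (".html", ".htm")

def sweep(site_root):
    """Return (html_files, htaccess_comments) found under the code directories.
    Hits are files to open and read, not verdicts: plugins can ship real HTML."""
    html_files, comments = [], []
    for top in CODE_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(site_root, top)):
            for name in files:
                path = os.path.join(dirpath, name)
                rel = os.path.relpath(path, site_root)
                if name.lower().endswith(HTML_EXT):
                    html_files.append(rel)
                elif name == ".htaccess":
                    with open(path, errors="replace") as fh:
                        comments += [(rel, ln.strip()) for ln in fh
                                     if ln.lstrip().startswith("#")]
    return sorted(html_files), sorted(comments)

def per_component(paths):
    """Count hits per plugin or theme directory, else per top-level directory."""
    counts = {}
    for rel in paths:
        parts = rel.split(os.sep)
        in_addon = len(parts) > 3 and parts[1] in ("plugins", "themes")
        key = os.sep.join(parts[:3]) if in_addon else parts[0]
        counts[key] = counts.get(key, 0) + 1
    return counts

def build_sample(root):
    """Write a small constructed tree (invented names, not the author's files)."""
    files = {
        "wp-content/plugins/old-gallery/cache/offer1.html": "<html>constructed</html>",
        "wp-content/plugins/old-gallery/gallery.php": "<?php // constructed",
        "wp-content/uploads/2010/.htaccess": "# Silence is Golden\n",
        "wp-includes/js/x/page.HTM": "constructed",
        "readme.html": "outside the swept directories",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        html, notes = sweep(root)
        print(html, notes, per_component(html), sep="\n")
```

Run against a copy of the site rather than the live files, and compare each hit with a fresh download of the same WordPress, plugin or theme version before removing anything.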

12 thoughts on “Preserved Lemons: Lessons from a Hacker”

  1. I am so sorry this happened to you. I have to say what you describe is my worst nightmare when it comes to blogging. Good for you for taking it all in stride.

    1. I’m still on the lookout for evidence and am very wary. The good thing is it never crashed the site, and everything is still in one piece. Could have been much, much worse. 🙁

    1. Jenn, I’m thinking that with all you handle at the Foodie Blog Roll you’ve probably had similar experiences, right?

  2. I guess I’m so naive– I know sites can get hacked, but I never think it will happen to me! Of course, I never thought I would love Brussels sprouts, so… lesson learned 🙂 I would love to make preserved lemons someday! Recipe looks great! I have never had the quickie version, but I can totally see how the depth of flavor would be compromised.

    1. I think the first time I was hacked, somebody had accessed my dashboard and drafted about 30 posts. They were just sitting there and for some reason the hacker couldn’t get them to post. Seriously creepy. On the lemons, lots of people seem to be making them right now, so you’ll have lots of great advice. Good luck with yours!

  3. Oh my lord that sounds OBSCENELY frustrating! I’m so glad you came out of it okay with your wits about you and not completely hellbent on never blogging again. Because that would have been tragic. I’ve always wanted to use and try preserved lemons but I can never find them in the store…and now I don’t need to! These sound delicious! Perfect for all sorts of tagines and Middle Eastern dishes.

    1. I have a love-hate relationship with my food blog. It’s an obsession that has prevented me from doing any serious writing. Great excuse, isn’t it? Sometimes I think things like this happen because I just need to step away.

  4. Ugh. Total bummer! So glad that you’ve made headway in getting everything cleaned up… and now I hope it never happens again.

    I can’t help but think that this post is a great example of what to do when “life gives you lemons…” 😉

    1. That’s exactly what I was thinking. Sort of funny how the lemons showed up about the same time it happened. And it’s definitely not lemonade weather, so what the heck.

  5. Oh my goodness. What a tale you tell about hackers. Thanks for the advice. I’m off to delete my unused plug-ins. Also bookmarking this post for future reference.

    I know what you mean about food blogging taking over your life. Sometimes I think I’m a bit out of balance. With no kids at home and a very patient husband, it’s easy to do. Suspect it would be really bad if I didn’t work full-time.

    1. Thanks for the feedback. I only wish I had more patience to write about more of the details. Only today, I found out my site was down for most of the day, and after I called my hosting company, they mentioned two sites on my server were seriously cracked (his word). Leaves me thinking that’s where I may have picked up the problems on my site. Cheers to you for working full time and keeping your website. I barely pulled that off in the year I returned to work. I have newfound appreciation for time at home and how I spend it. 🙂
