Hacked (but recovering)

Well, I got hacked by not so nice people robots, informed about it by nice people (whose sites were hacked as well and who found me in their spammed link bait).

Yes, cleared the mess by now – and slowly recovering. Will see how this works out.

ps. I did have backups, nice long passwords, and a pretty current WordPress install. Will elaborate on this as soon as possible.

[Update: it’s been a nasty Spam Injection – ie. while normal users of this site didn’t see the spam links, but the Google bot did. With the help of the Googlebot Spoofer I was able to see the actual mischief, ie. links to all sorts of warez et al.

The actual spam wasn’t embedded in the posts (or the database) but was deposited in extra files on my server, hidden from plain first sight and referenced via an hacked .htaccess file.

The compromising access to the files was achieved via an outdated WordPress plugin – not one that I missed to update but one that seems to have degraded over time and development from WordPress 2.x to 3.2.x.

My fixes included a) kicking that stupid plugin b) fixing the .htaccess c) removing the spam repository files d) changing passwords everywhere (WP users, database, ftp access and e) some hidden sauce that I won’t blog about.

So hopefully this write-up helps others, namely those webmasters that I informed via Email about their compromised sites.

tags:

Leave a Reply

Your email address will not be published. Required fields are marked *