So, I was jazzed to write something new yesterday — the topic of which, I can’t even recall now — when I realized that the blog had been hacked again. Yes, I am guilty of not upgrading to the latest version of WordPress (was running 2.5), and probably a host of other security laziness. Anywhoo, the nature of the hack was pretty insidious. I would try and log in through the /wp-admin area, and it would automatically redirect me to a spam site. The actual site would rotate, however, as I’d get a different one each time.
Ugh, what a nightmare.
In fact, even “searching” on the site triggered this particular behaviour, which was annoying and embarrassing at the same time. I spent the greater part of two hours yesterday combing through WP code to try and find the culprit file / code / hex / curse, but to no avail.
You may, therefore, notice that DJI is looking a little different, as I have gone DEFCON 1, and simply obliterated my old compromised WordPress install, keeping my database. I re-installed WordPress using a clean install, and am going with a simpler theme for now. I’ll be sticking with it while I try and implement a few more things to lock down the security on this blog (as, of course, there are a great many things that you can do in addition to running the latest version), which I will be implementing, and blogging about, shortly.
Cheerio
