Deep Jive Interests » wordpress vulnerabilities http://www.deepjiveinterests.com Thoughts on Web 2.0, Social Media, Marketing. Thu, 23 Dec 2010 02:51:05 +0000 en hourly 1 http://wordpress.org/?v=abc Hacked Again. http://www.deepjiveinterests.com/2009/06/13/hacked-again/ http://www.deepjiveinterests.com/2009/06/13/hacked-again/#comments Sat, 13 Jun 2009 16:33:56 +0000 Tony Hung http://www.deepjiveinterests.com/?p=1477

Read the rest of this entry »

]]> So, I was jazzed to write something new yesterday — the topic of which, I can’t even recall now — when I realize that the blog had been hacked again.  Yes, I am guilty of not upgrading to the latest version of WordPress (was running 2.5), and probably a host of other security laziness.  Anywhoo, the nature of the hack was pretty insidious.  I would try and login through the /wp-admin area, and it would automatically redirect me to a spam site.  The actual site would rotate, however, as I’d get a different one each time.

Ugh, what a nightmare.

In fact, even “searching” on the site triggered this particular behaviour, which was annoying and embarassing at the same time.  I spent the greater part of two hours yesterday combing through WP code to try and find the culprit file / code / hex / curse, but to no avail.

You may, therefore, notice that DJI is looking a little different, as I have went DEFCON 1, and simply obliterated my old compromised WordPress install, keeping my database.  I re-installed WordPress using a clean install, and am going with a simpler theme for now.  I’ll be sticking with it while I try and implement a few more things to lock down the security on this blog (as, of course, there a great many things that you can do in addition to running the latest version), which I will be implementing, and blogging about, shortly.

Cheerio

]]> http://www.deepjiveinterests.com/2009/06/13/hacked-again/feed/ 0