0xDECAFBAD

It's all spinning wheels and self-doubt until the first pot of coffee.

hacked?

Crap. Somehow, someone's gotten access to edit my posts on this blog and have crapped in loads of viagra linkspam. I've probably destroyed the evidence already by deleting the spam as soon as I saw it — and as soon as some friendly readers emailed me pointing at more. I've done the obvious, changed my password and tried to lock down the admin pages a bit. But, I don't know who, how, or why. Ugh.

So, my apologies if anyone sees any offers for penis pills around these parts. A heads up would be kindly appreciated as I scour my records and grumble.

Archived Comments

  • I have heard that wordpress needs to be updated to the security point releases consistently. This is something that I try to stay on top of. Don't remember this being that big a deal with movable type. Could be a design flaw for wordpress, or perhaps PHP.

    At one point I was using rsync to synchronize the new default files, and then hitting the dashboard to update the db design if it had changed. last update I did manually since I needed to move some photo links around in mysql. I still think rsync is a good tool for this task. Though lately they have been obseleting some files and they probably shouldn't be left around. what were the permissions on your files?

    -tanner

  • Are you hosting on dreamhost?

    http://blog.dreamhosters.com/2007/06/06/dreamhost-ftp-accounts-hacked/

  • Thankfully no, not on dreamhost. Unfortunately, that means I don't have that excuse. :)