This blog has been hacked.
I don’t know when it exactly happened, but I suspect it was yesterday. I think I saw it coming. The other day three new users registered to this blog as subscribers. Their email addresses are strangers to me, i.e. the first time I heard about them. I’m normally security (and anonymity) conscious that I intended to reset my passwords soon because of that. However, I failed to do so because I wasn’t accessing this blog much the past days. And yesterday (I’m convinced that’s when the hacking happened), I had to spend almost the whole day in Dubai that I hardly went online. Except for the few comments that I moderated through my phone.
As I reached home last night, something nagged me to check my dashboard. There I found out that:
(a) There were already two administrators for this blog. I don’t know how that happened but I’m supposed to be its sole administrator. Though it’s too late, I immediately disabled the registration function. This bogus administrator probably used the “back door”.
(b) The permalink structure was strangely modified. Hence, if a reader would try to view a single post, there’s a script above the title that says, “Parse error: syntax error, unexpected ‘”‘ in /home/witsandn/public_html/wp-includes/classes.php(108) : eval()’d code(1) : eval()’d code on line 1”. When I checked the specific php file, I hardly can locate the malicious code.
(c) The preceding script’s immediate effects are that: the reader can’t leave comments or worse the site appears to be inaccessible/down.
I’m not technically literate to immediately fix the bugs. But instead of getting more irritated about these hackers and how to delete or modify the php files, I just consoled myself that I better go back to basic rather than waste my time on thinking of the things that appear complicated to me. I was using one of wordpress’ old versions (2.5.2) and I never wanted to simply upgrade but to go for a complete reinstallation for peace of mind. I was thinking that if I wouldn’t reinstall, some files that contain malicious scripts would probably remain. After almost a couple of hours, backing up, reinstallation and importing of old posts and comments were done. Whew.
The following day, I learned that I was not the lone victim but even the widely read Tech Crunch and Lorelle. The common denominator is that we were using some of the old versions of wordpress.org (wordpress.com is different). As you probably know, wordpress.org as a self-hosted platform is widely used/one of the largest blogging engines.
I don’t know the reason of the other administrators for not upgrading their versions. We probably are alike in some ways in my main consideration that I don’t want to get out of my comfort zone, i.e. I was satisfied with the old version that I’m also afraid that any upgrading will screw my then layout (some themes are compatible with a certain version), etc.
I’ve installed additional security-related plug ins. But I don’t think these would affect much the functionality of the blog. But probably, some good souls will be affected by the content protector plug-in that I activated to minimize stealing of contents (you’ll see for yourself when you try to right click the photo and other contents). I don’t mind sharing of work as long as we respect each other’s copyright. ๐
Going back to being hacked, that’s a lesson learned. Whatever blogging platform we are using, we should be cautious about the obvious risks. I tell you, I cared about this, but I was really into it when it happened to me. In real life, I’m not afraid to get out of my comfort zone. But with a blog being maintained, I cared less with the upgrades because I used to think that it’s just a blog. But not anymore.
Well, when was the last time you’ve changed your dashboard, cpanel and other log in details? You know what I mean. Do it now. ๐
a2a_linkname=”wits and nuts”;a2a_linkurl=”http://witsandnuts.com”;a2a_show_title=1;a2a_hide_embeds=0;a2a_num_services=8;http://static.addtoany.com/menu/page.js
0 thoughts on “Blog attack”
angeli
hey wits, thanks for this. i will follow your suggestions.
LikeLike
cza
glad you got to correct it before they actually put malicious contents on your blog. Made me think to change layout design again. maybe later today. ๐
LikeLike
BlogusVox
Back-up everything, Ms.Jo. Including your blog’s html file. That’s the safest way to protect your blog. Hope everything is okay now.
LikeLike
jeanny
Glad things are okay na. Now Im off to my blog to back up everything!
Have a splendid day Wits!
LikeLike
ever
naku, i will try to check also my blog…teka at ngayon din!..
lately di ko rin mabuksan yung pamatay homesick error din…
LikeLike
dyosa
Thanks for posting this. Good to know that you and your blog are doing okay now.
LikeLike
sheng
I think i need to really do security checks…glad you had it back up and running.
LikeLike
redlan
thans sa info. wala akong kaidea.
LikeLike
kenji
talaga, nakakatakot naman, buti hindi na ginalaw mga templates or mga posts. hehehe, better safe na lang kahit protected na, okay lang.
LikeLike
dong ho
kakatakot to ah. what one can do i think is to change the password in a regular basis.
LikeLike
fortuitous faery
scary! it’s advisable to change your blog admin password occasionally. thankfully, i haven’t experienced a blog takeover with my blogger blog. i hope to never go through that.
LikeLike
Photo Cache
That is scary indeed. At least you knew enough to do something. If that happens to my site (big knock on wood), I would not know where to begin.
.-= Photo Cache´s last blog ..Scenic Sunday # 13 =-.
LikeLike
yummybite
that is really scary. thanks for sharing this as this might happen to anyone of us. sana di na mangyari pa ulit. take care!
LikeLike
kg
wow! i didn’t know that this could happen! thanks for the heads up! hope you’re “unhacked” na!
i missed you wits! ๐
.-= kg´s last blog ..Discovering Bangkok: part 1 =-.
LikeLike
Sinta
That’s very scary ๐ฆ We just have to keep on top of software versions and change our password often. After reading this post, that’s what I just did. I hope they stay away now.
.-= Sinta´s last blog ..I heart black boots =-.
LikeLike
PM
bute okay na. at least it tells you mega popular ang blog mo diba? LOL pero nakakatakot din eh no mahirap na habulin tulad ng e-mail ko hay nako.
.-= PM´s last blog ..Spell Yacht =-.
LikeLike
dyanie
glad that your blog is ok na. ๐ buti walang ibang nangyari.
love your new layout jo esp the header! ๐
LikeLike
kreez
buti naman ok na, nako you can never be too careful talaga in the internet, ako nga may nagcomment lang sakin ananymously na my blog daw was being fed to a different site parang ganon. I still haven’t learned how to fix it yet, may reinstalling would help din.
.-= kreez´s last blog ..Final Trimester Begins =-.
LikeLike
witsandnuts
That’s very strange.
LikeLike
luna miranda
good thing you’re vigilant about this stuff. i’m an illiterate about this tech stuff…but will try your suggestions.
.-= luna miranda´s last blog ..Kare-Kare for Lasang Pinoy, Sundays =-.
LikeLike
deuts
Sad to hear about this happend to your blog. I was reading about this attack lately in the blogosphere, particularly to the wordpress blogs. I’m just glad I upgrade my site right away upgrades are available. It’s so much easy now with the automatic upgrade feature in WordPress since version 2.7 (I think).
.-= deuts´s last blog ..Create A Custom Font Style Based on Your Own Handwriting =-.
LikeLike
witsandnuts
I was using the 2.5.2 version. I haven’t upgraded since I installed in May 2007 (thanks for your help!). Maybe I was too scared to upgrade. I learned my lesson. ๐
LikeLike
blue rose
OMG! that’s very scary ha. buti nalang naayos mo rin agad. sana lang hindi na maulit.
.-= blue rose´s last blog ..happiness! =-.
LikeLike
Rico
Some of the terms you used have no real meaning to me. I don’t really have that much security on my site! KG’s site too, which is under my site’s umbrella, has minimal security. Yikes! Please email me privately what plugins to install.
.-= Rico´s last blog ..great expectations =-.
LikeLike
witsandnuts
I’ll send you an email re: plug ins.
LikeLike
witsandnuts
Thanks, everyone. We need to pay attention to upgrades as these minimize security risks and of course, the “periodical” changing of log in details.
LikeLike
Nebz
I’ll take your advice. I’ll start changing my passwords and backing up my work. And yes, I smiled after right-clicking the overhead photos. Cool!
LikeLike
witsandnuts
Haha, somehow I thought that I’m spoiling the fun for the copycats. ๐
LikeLike
bw
good advice. Somehow the upgrades are kind of mandatory because it fixes the security bugs that have been discovered. In your case the hackers just did a denial of service attack. Good that they did not damage your files.
.-= bw´s last blog ..A Day Trip to the Capital City =-.
LikeLike
witsandnuts
Oo nga, buti DOS attack lang.
LikeLike