Ah great: site down for a few days.
UPDATE: As you can see my site is back for the most part. I just need to add the theme back in, which I’ll do soon. Thanks for your patience.
Seems some hackers exploited my WordPress 2.5 some how. It’ll be a few days before I get everything back up and running again, since I’m pretty busy with school right now. Sorry for the inconvenience.
Comments (6 comments)
Sucks man, know how they did it?
Chuck / April 13th, 2008, 5:12 pm / #
Not sure really. There may be an exploit in WP some where or maybe a plugin I was using.
admin / April 13th, 2008, 5:19 pm / #
boooo that’s sucks!
Zoe / April 13th, 2008, 11:01 pm / #
Could be an SQL insertion trick? if wordpress is running against MySQL or PostgreSQL, that might be how they did it. Try using some regular expression checking in your text fields for where users can enter comments or text.
NobodyNotable / April 15th, 2008, 12:07 am / #
@NobodyNotable: I wish it was that. WordPress is pretty well hardened against sql injection. I think it was vulnerable because of the plugin wp-super-cache.
admin / April 15th, 2008, 1:12 am / #
Just to add my two cents here, it was probably the spammers who hacked thousands of WordPress blogs using old exploits.
Even blogs that updated quickly after releases were open to attack as the spammers may have known about the exploits before we did.
Hopefully as you’ve changed your passwords you won’t see any more problems from these evil guys.
Donncha O Caoimh / April 23rd, 2008, 5:28 am / #
Post a comment