On Hacking and Pirates
January 16th, 2007 by Michael Gray in Random Thoughts
So as many of you know, this site and several other SEO sites were the target of a hacker using a WordPress exploit to gain access to my site. Plain and simple, the problem rests on my shoulders for not keeping my WordPress install up to date. I was at least one or two versions behind. While updating WordPress isn’t hard, it does become a bit of a bother if you run multiple sites, but being lazy is no excuse for lax security. So to you, Mr. Hacker, you won and enjoy your moment in the sun. For those of you who want the complete drama, read on …
Last night was the monthly meeting of Internet Marketers of New York (im-ny.org), which I’m a member of. Todd aka Stuntdubl asked me if I was free and could catch an early train into the city for a bite to eat. After dinner, on the way to the meeting, Todd pulls out his BlackBerry/PDA and says “two emails with the subject line HACKED, that can’t be good”. We meet some of the folks and Chris from 10e20 shows me the text from the hacked page, tells me it’s all over Threadwatch and Digg. He also tells me people are thinking it’s linkbait. We get a little more intel on other people getting hacked and it becomes obvious it’s really a hack and not a ploy for attention.
At this point I had the option of choosing to stay and have a good night drinking and talking shop with some friends, or jumping on the train for the 1 hour ride back to fix it. Since I wasn’t running any commerce on the box and don’t have any other sites hosted with this company, I decided to stay out and have a good time, hacking pirates be damned. I’d like to thank all the people who took time to send me an email letting me know there was a problem, I appreciate it. I’d also like to thank Rae and John Scott, who went to the extra trouble and picked up a phone and left me a voice message, you rock! For those of you whose first thought was ‘this is linkbait’, I totally understand that, a healthy bit of cynicism is a good thing. However, in the future I’d just ask that you wait for a few more of the facts to come out before sending someone to the gallows … thanks.
I got home, did a little research and decided the best plan was to wipe everything out and do a complete re-install. A payload of spyware could have been deposited and I wasn’t willing to take the chance. I had to manually log into the MySQL database, hand edit some values, delete any extraneous user accounts and change the passwords on the remaining ones. Kind of a bummer and not a lot of fun from midnight until 3am, but you gotta do what you gotta do. I’d also like to say thank you to the folks who offered technical support if I needed it.
Being hacked sucks! There’s no way to mince words about it, you have that icky violated feeling that I hope none of you ever has to endure. So learn from my bad example and keep your WordPress software up to date. I’d also recommend using this WordPress database backup, which lets you schedule a nightly job to email a backup to your offsite Gmail account.
Update:
Be sure to look at a post from Reuben Yau on Protecting the WordPress wp-admin folder with htaccess. You are putting that file in the WP-Admin folder, not the root folder.
January 16th, 2007 at 3:30 pm
Really glad to see you are back up and running! I thought you were going to be at the IM-NY thing, hoped that someone there would be able to let you know!
Anyway - glad you’re back, hacking pirates be damned!
January 16th, 2007 at 3:43 pm
So the question remains, is it worth using WordPress with all of these growing exploits? Is Blogger any safer?
January 16th, 2007 at 4:17 pm
It’s really not a big deal in my mind Aaron - so long as you have backups and pay attention. I was way out of date - and honestly, most of the time there is no good reason (aside from being hacked) to upgrade right away.
The open source nature of WP, and all the stuff you get for free, definitely outweighs the negative of having to deal with a dolt from time to time I think.
January 16th, 2007 at 4:34 pm
Glad it’s back up and running smoothly. Also glad you stayed and hung out.
January 16th, 2007 at 4:50 pm
For the first 1/2 nano-second I figured you’d changed your mind about the new logo. Glad you were able to wrest control back and get the site up and running again.
January 16th, 2007 at 4:53 pm
Let me add my “Glad to see you back” to the ever growing throng.
January 16th, 2007 at 5:31 pm
Yeah — I saw you got hacked and knew where Chris was headed, so I told him on his way over to warn you in person. Glad it is all sorted out.
January 16th, 2007 at 5:51 pm
Welcome back and thanks for the backup link.
January 16th, 2007 at 6:47 pm
Shame to see that blog post come through. I thought something was up when I saw an empty header… but glad to see it’s back on track.
I recently had to rip out my entire system because it had been so thoroughly embedded in spam engines that the constant requests were bringing the server to its knees.
I ended up writing my own software, and I much prefer it that way. There’s a way to go before it can compete with something like WordPress but I don’t mind, since I don’t need any of the advanced stuff anyway.
Ah well, just goes to show, eh? Nobody’s safe when you trust any part of your system to someone else.
January 16th, 2007 at 7:48 pm
I thought it was a brilliant piece. But glad you are back anyway.
January 16th, 2007 at 10:08 pm
It’s crazy that you guys were together when it happened. Glad to see you got everything back up!
January 16th, 2007 at 10:11 pm
I’m glad you’re back up and running. The whole thing certainly scared me into upgrading pronto!
January 17th, 2007 at 5:52 am
Glad you are back - I too was hacked in November and recall the feeling of rape, violation. I cussed for hours getting it all back together. I, as well as others, have been “clearly warned” and I hope we have all updated our stuff. Look forward to the next .fm show!
January 17th, 2007 at 11:15 am
I was hacked on some “build and forget” affiliate sites and didn’t know about it for weeks. I currently do monthly backups from the host to my PC but now that I am doing more and more blogs I need to look into that WordPress plugin.
I was just talking to a co-worker yesterday about doing backups of the home computer. We are all lazy when it comes to backing up our PCs. I had a hard drive failure about a year ago and it sucked royal. Finance, family pictures, iPod stuff all gone. Luckily I was able to recover the data after much sweating. Now I know why those AdWords prices are so high for “data recovery” and “hard drive failure”.
January 17th, 2007 at 6:43 pm
@John don’t think I haven’t seriously considered someone knew we were both AFK at the time the attack was launched.