Hacked


As people probably noticed, lately someone hacked my WordPress installation and turned this blog into a pharmaceutical link farm. I asked Dreamhost for help and they sent me sort of a friendly “have fun fixing that!” message, but they did run an automated scan indicating that something was wrong with my wp-config.php file. Sure enough, it contained a big chunk of PHP nastiness. Is it enough to just delete that and upgrade to the latest WordPress? Hopefully so. The posts and comments seem uncontaminated, at least at first glance. If things aren’t really fixed or go wrong again I’ll have to nuke the whole blog and restore from saved files — no fun.

Looking back, it’s not clear why Dreamhost’s “one click” WordPress install came with a plugin that disables WP updates. Also not clear why I failed to notice this.

I took a quick look at incoming search traffic and people actually do search for this stuff. Just today I got:

  • where ca i buy valium [sic]
  • xanax for sale no prescription
  • activists on xanax
  • phentermine 37.5 without prescription
  • canada phentermine
  • where to buy drugs in toronto

I like “activists on xanax,” it sounds like a band.


2 responses to “Hacked”

  1. Doh! I have been hacked a couple times, so I recently looked into hardening my WordPress install [1]; there are some great tips like changing the default username to something other than admin. There’s a more readable article with roughly the same information available on problogdesign [2]. I like the limit login attempts plugin [3] to help prevent brute force attacks. I’m trying out the BulletProof security plugin [4], but it is pretty hard to know if it really works. Good luck getting back up and running!

    [1] http://codex.wordpress.org/Hardening_WordPress
    [2] http://www.problogdesign.com/wordpress/11-best-ways-to-improve-wordpress-security/
    [3] http://wordpress.org/extend/plugins/limit-login-attempts/
    [4] http://wordpress.org/extend/plugins/bulletproof-security/