Bad news

In which we get hacked

It’s never a good sign when you come back from tent-shopping (a story for another day), check your email and find an emergency security alert from your web-hosting people. It’s an even worse sign when it says: your site has been compromised. Ah. Oh dear.

My FTP details had been compromised, apparently. This is intriguing, because my FTP password is unique, unrelated to any other I have, and stored solely inside my head. Either some sort of network-sniffing was going on – entirely plausible with the entirely insecure FTP* – there’s some flaw in my hosts’ FTP daemon, or the fault lay elsewhere.

Anyway, it’s prompted me to upgrade myself to WordPress 2.5, released recently. Upgrading WordPress is one of those jobs which I tend to put off and put off, for no good reason because it’s really not that painful; and there’s a good chance that WordPress was the loose link here. Old versions do have known holes, and if I’d upgraded sooner, the break-in might never have happened.

* I nearly said “FTP protocol” there. But that would be “File Transfer Protocol protocol”, which is Just Wrong.

8 comments on “Bad news”

  1. Forest Pines says:

    They said: a hacker had accessed the site using my FTP details and inserted malicious code into my pages, which they had cleaned out – which does make it sound like that sort of attack. It’s the FTP bit that I have trouble believing.

    It did all leave my WordPress admin pages in an unusable state, so I thought: if I have to reinstall anyway, I may as well upgrade too.

  2. Forest Pines says:

    Something odd is going on.

    Earlier, Martijn wrote:

    “Did they say what exactly happened? They didn’t when D’s site had been compromised a while which I thought was pretty bad; a bit like one’s landlord saying “your flat has been broken into, I installed new locks on the door” and just that. WordPress flaws are commonly used to compromise sites, but in most cases, just one nearly invisible iframe is inserted (making your site’s visitors download trojans etc.) which I’m not sure if a hosting provider would notice (unless they were really looking for that, which one would have to admire them for).”

    … but when I replied, his comment disappeared. Hmm.

  3. Forest Pines says:

    Martijn left another comment there, which I approved … and it disappeared. And I’d already deleted my email copy of it. Damn.

  4. Martijn says:

    Hmmm. I said something about that it’s quite likely just a flaw in WordPress – for which older WP versions are infamous – not FTP, if only because I’d be surprised they’d monitor/log FTP traffic so carefully.

    But it looks like not all your problems are solved, are they now? Did you install the Mugabe-Democracy-plugin or something?

    (N.B. Copy of this comment saved in my GMail drafts!)

  5. Forest Pines says:

    On the comments approval page: if I select a comment and click the “Approve” button at the top, the comment appears. If I click the “Approve” link to the right of the comment itself, it vanishes entirely.

    I would report a bug; but the WordPress bug-tracking system’s a navigational nightmare.

  6. Martijn says:

    Do you still need to moderate comments? I find Akismet works pretty well as a filter. This, combined with putting all comments that contain two or more links in the moderation queue, that is. Admittedly, I don’t really check the system for false positives, but I suppose people would email me if their comments weren’t getting through.

  7. Forest Pines says:

    I switched it to moderate-everything back when the Grimsby Telegraph’s staff were bored and being a nuisance, and have never bothered to turn it off.

  8. […] couple of weeks ago, I discovered that my site had, apparently, been compromised, but my hosting company had handled it. WordPress had been broken in the process; but I’m not […]

