Bad news

In which we get hacked


It’s never a good sign when you come back from tent-shopping (a story for another day), check your email and find an emergency security alert from your web-hosting people. It’s an even worse sign when it says: your site has been compromised. Ah. Oh dear.

My FTP details had been compromised, apparently. This is intriguing, because my FTP password is unique, unrelated to any other I have, and stored solely inside my head. Either some sort of network-sniffing was going on – entirely plausible with the entirely insecure FTP* – there’s some flaw in my hosts’ FTP daemon, or the fault lay elsewhere.

Anyway, it’s prompted me to upgrade myself to WordPress 2.5, released recently. Upgrading WordPress is one of those jobs which I tend to put off and put off, for no good reason because it’s really not that painful; and there’s a good chance that WordPress was the loose link here. Old versions do have known holes, and if I’d upgraded sooner, the break-in might never have happened.

* I nearly said “FTP protocol” there. But that would be “File Transfer Protocol protocol”, which is Just Wrong.
