Holy Shit, I’ve Been Hacked
Apparently there is some WordPress vulnerability that allows someone to replace my header file with a whole bunch of viagra links. Awesome.
Anyway, it actually overwrote the file on the server, so my design is all busted and I don't have it backed up in any way.
I'll be upgrading WordPress and fixing my site theme. This may take some time. Bear with me.
No, this is not an April fools thing. I actually got haxx0red, for realz. :/
Update: Alright, I've upgraded WordPress and removed the viagra links. It appears that someone was able to override my footer and header.php files for my theme. To an extent, I'm not terribly surprised, as those files are set world-writable so that WordPress can write to them, allowing me to edit from the admin console.
This whole thing could have been much worse. The hack left my database untouched; all of my blog posts look the way they are supposed to. All it did was modify the files to my theme.
That said, because it so thoroughly destroyed my theme and I didn't back my theme up on my local machine (it's just a blog), I have set the site to use the default ugly WordPress theme until I can work up another one. It's just as well, I was sick of the old one anyway.
Extra Update: I just wanted to share the comment that informed me something was wrong with my site. It's humorous. These were both anonymous:
Real quick…I want an explanation for what the hell happened to your site or I’m reporting it to your hosting company and to Google. Two days ago I found this post and this site through Silicon Alley Insider and bookmarked it because I liked the blog design and wanted to work on something around it. I come back tonight and obviously the CSS file is gone. I clicked “view source” and not only is there no CSS file, there is no document head, no robots file, but there are about a thousand links to spam drug sites embedded in the source? You really don’t want me screencapping and posting this here and there, and you definitely don’t even want me to get started with Google, of all companies, reporting your ass if this isn’t a case of your website being hacked.
Then later, same person:
You can hold my comments for moderation, I don’t care. I think you’re fucked either way. Looks like this site is owned and operated by the (fictitious?) Rod Hilton, whose own website is on a Google server. Try explaining that and all the spam links served to this site dynamically, viewable in the page source, before I get going on explaining it for you. You definitely don’t need to show my comments here to bury yourself in a world of shit.
Jesus, what a spazz. Well, thanks for letting me know my site was hacked, even if you did so by being a crazy person.
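The update above puts the overwrite down to header.php and footer.php being world-writable. As an added example (not part of the original post), this shell script reports files and directories under a theme directory that carry the other-write bit and can strip it; the theme path passed in and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit a WordPress theme directory for world-writable paths.
# Function names and the directory argument are hypothetical, not from the post.

# Print every regular file and directory under $1 that any local account
# can write to (the "other" write bit, octal 0002).
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Print how many such paths exist under $1.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Remove only the other-write bit from each match and print the paths that
# were changed. Owner and group permissions are left exactly as they were.
fix_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 \
        -exec chmod o-w {} \; -print
}

# Report-only when run directly:
#   sh audit_theme_perms.sh /path/to/wp-content/themes/<theme>
if [ "$#" -eq 1 ]; then
    echo "World-writable paths under $1: $(count_world_writable "$1")"
    list_world_writable "$1"
fi
```

Once the bit is removed, editing the theme from the admin console only works if the web server account owns the files or belongs to their group.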
Bryan:
I told Rod that I only got a couple of sentences through this post when I originally went to read it… and stopped because I was bored. I’m glad that Rod went ahead and told me to read the rest of it, because the quotes from the nutcase are classic. Dude, you are a fucking Weirdo - yeah, that’s right… with a capital ‘W’. I really, really hope he becomes a frequent commenter, because seeing quotes like the following makes my day:
“I want an explanation for what the hell happened to your site or I’m reporting it to your hosting company and to Google.”
Wait, let me understand… Rod owes you an explanation for what reason exactly? And what in the hell is the hosting company and/or Google gonna do if you report it? You really know how to lay some threats down. You are one bad motherfucker.
“You really don’t want me screencapping and posting this here and there…”
Why? What? Who? Where? - What in the hell are you talking about you crazy bastard? I must be living in bizarro world.
“I think you’re fucked either way.”
He’s obviously fucked… you’d have to be a crazy person to not see how he’s so fucked.
“You definitely don’t need to show my comments here to bury yourself in a world of shit.”
Exactly… just like Rambo in First Blood Part II - http://www.premiere.fr/var/premiere/storage/images/cinema/photos/diaporama/images/rambo-ii-la-mission-rambo-first-blood-part-ii-1984__6/6005974-1-fre-FR/rambo_ii_la_mission_rambo_first_blood_part_ii_1984_reference.jpg
Please, please continue to comment here you crazy asshole. It’s like an insane Abbott and Costello routine that I can’t get enough of.
2 April 2008, 9:36 am
Bob:
There’s nothing better than a good laugh rather than reaching for that 3rd diet coke in the afternoon. Loved this post, and the blog. Good thing the authorities at Google still include you in their search algorithms ;) I stumbled across your blog looking for info on using multiple versions of rails - thanks, the info was helpful.
10 April 2008, 3:09 pm