My blog was hacked (bastards)

My blog was hacked (“haxx0red”) and bang goes a LONG day of coding as I try to fix it with my lackluster web programming “skillz”.

I first realised something was wrong this morning when I tried to post a comment and realised that the post had no comments box (which I hadn’t switched off). So I went to edit the post to enable comments but it wouldn’t save the edits! (It just showed a blank page with wp-admin/post.php as the URL) Lots of googling proved fruitless and frustrating.

Then I got an email from a reader (you know who you are, thanks!) who said that my last couple of posts were full of spam and it was coming out in the RSS feed. I checked them out and they had tons of hidden spam links which didn’t show up online! This is presumably to boost the Google ranking of some other site. Problem was that I couldn’t edit the posts to remove the spam links!

I re-uploaded my WordPress backup and still no change. So I upgraded WordPress to 2.5 and still no change. I discovered that I could manually edit the two posts with spam links with phpMyAdmin so I removed the links and enabled comments, but still my wordpress was seriously broken. Plus I proceeded to mess it up more with the sort of dumbass mistakes that you make because you’ve sat in your chair for 6 hours without moving and your brain and body is shutting down (plus I’m a neophyte at this sort of stuff). Later on I discovered that I couldn’t save WordPress options either, (same blank page thing), but I could edit comments. Crazy!

Finally tonight I examined the wp_options table and found two suspicious entries. With a path that looked like ../../../../../../../../tmp/ and a file called ro8kbsmag.txt. A quick Google was very revealing with this page. Anyway, I removed the suspect plug-in and TADA I can edit and save posts again and my options works, woo.

Well that was a pain in the arse but I knew somehow I’d prevail – the Universe likes to send me these unasked for challenges 😉 Hopefully this post will be useful to other people Googling the same problem. Now to make another backup…

P.S. Sorry to any of you that received the spam links via RSS.

One Response to “My blog was hacked (bastards)”

  1. Grey Alien Games Says:

    Also managed to fix Photopress. For some reason the Photopress Options page was filled with Question Marks (“?”) in every edit box! I filled out some default values and it started working again. The main blog index page was bombing out with a load of weird errors so I turned off WordPress custom permalinks then re-enabled them and it fixed itself. Weird.

    Boy am I glad this stinky day is over! Hopefully WordPress 2.5 does not have the exploit which led to this hack in the first place. I’m also investigating updating my .htaccess file to make it more secure.

    Now to get back to my particle effects!