David (dblume) wrote,

My Compromised Blog

I was doing some general cleanup around the blog. (Considering widgetizing the sidebar...) I re-validated the XHTML, and some errors came up. The following code was inserted into the content of a post. (Which is contained inside a MySQL item.)

<p id="displayer" style="display:none">
CD and DVD films available for download at <a href="http://my-movie-download.com/">download movies</a> site, cheap prices and fast downloading.</p>

The evil little snippet above says that humans won't be bothered with the link, but search engines will notice it.  Also, the following was actually inserted into my theme's index.php.

<form id="srch" name="srch" style="overflow:hidden;width:0pt;height:0pt" method="post">
DiVX and DVD films available at <a href="http://my-movie-download.com/">download movies</a> portal, low prices and fast downloading.

Just like the prior snippet, humans won't see the link, but search engines will.

It's hard to describe how annoying this is. Somebody/bot found a way to compromise my blog's directory and its database.  I only sftp and ssh to the site. (Although in the past I have ftp'ed. No more!) I thought I chmodded the wordpress files to -rw-r-----, but I see now that there are more extensive write permissions in some directories.

I checked the last few logins, but they were all mine this month.  (And my host clears the log every month.)  I have to monitor the situation closely.

Ye gods, the referrer spam goons are aggressive!  Aargh!
Tags: code, programming, wordpress

  • My feed URL has changed

    If anyone here follows my personal blog with a feed reader, you'll have to change the feed URL manually. The old URL can't redirect to the new one.…

  • Progress on my Google+ and LJ backups

    Since Google is going to shut down Google+, I decided it was time to really make a home for my LiveJournal backup and my Google+ backup. Working…

  • In Case of Link-Rot

    If anything should happen to this journal, a backup of it should eventually appear at this location. I don't expect or plan for anything to happen…

  • Post a new comment


    Comments allowed for friends only

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded