David (dblume) wrote,
David
dblume

My Compromised Blog

I was doing some general cleanup around the blog. (Considering widgetizing the sidebar...) I re-validated the XHTML, and some errors came up. The following code was inserted into the content of a post. (Which is contained inside a MySQL item.)


<p id="displayer" style="display:none">
CD and DVD films available for download at <a href="http://my-movie-download.com/">download movies</a> site, cheap prices and fast downloading.</p>


The evil little snippet above says that humans won't be bothered with the link, but search engines will notice it.  Also, the following was actually inserted into my theme's index.php.


<form id="srch" name="srch" style="overflow:hidden;width:0pt;height:0pt" method="post">
DiVX and DVD films available at <a href="http://my-movie-download.com/">download movies</a> portal, low prices and fast downloading.
</form>


Just like the prior snippet, humans won't see the link, but search engines will.

It's hard to describe how annoying this is. Somebody/bot found a way to compromise my blog's directory and its database.  I only sftp and ssh to the site. (Although in the past I have ftp'ed. No more!) I thought I chmodded the wordpress files to -rw-r-----, but I see now that there are more extensive write permissions in some directories.

I checked the last few logins, but they were all mine this month.  (And my host clears the log every month.)  I have to monitor the situation closely.

Ye gods, the referrer spam goons are aggressive!  Aargh!
Tags: code, programming, wordpress
Subscribe
  • Post a new comment

    Error

    Comments allowed for friends only

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 7 comments