So this site was ironically hacked and hijacked by blackhat SEO spammers who inserted a ton of bullshit viagra/homeloan/sex links into my theme in the hopes that it would illegitimately raise their ranking in Google. Of course that’s not inherently ironic; what’s ironic is that it happened while I was at WordCamp Toronto, a mini-conference about all things WordPress, where I gave a talk that included a long section about how to avoid and deal with being hacked in just this way for just these reasons. Some part of me thinks that someone at WordCamp might have done it to show me who’s boss, but I doubt it: the pattern of spam links is just too depressing and business-like to assume anything but an impersonal bot did the damage.
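The injection described above (spam links hidden inside theme files, plus the obfuscated PHP that usually comes with them) is easy to spot once you know what to look for. The scanner below is an added example for this page, not code from the original post or from WordPress itself; the spam-term list, the hidden-container patterns and the sample footer.php are constructed assumptions for illustration, and the script is a triage aid for finding what was changed, not a substitute for replacing the theme with a known-clean copy.

```python
"""Heuristic scan of a WordPress theme directory for SEO-spam injection.

Added example for this page (not the original author's code). The patterns
and the sample theme file below are constructed for illustration.
"""
import re
import sys
from pathlib import Path

# Words that blackhat SEO injections typically push (assumed list; extend as needed).
SPAM_TERMS = re.compile(r"\b(viagra|cialis|home\s*loans?|mortgage|casino|payday)\b", re.I)

# Containers styled so a visitor never sees them but a crawler still reads the links.
HIDDEN_CONTAINER = re.compile(
    r"<(div|span|p)\b[^>]*style\s*=\s*[\"'][^\"']*"
    r"(display\s*:\s*none|visibility\s*:\s*hidden|text-indent\s*:\s*-\d{3,}px|left\s*:\s*-\d{3,}px)"
    r"[^\"']*[\"'][^>]*>(.*?)</\1>",
    re.I | re.S,
)

# PHP constructs injected code uses to hide its payload from a casual look at the file.
OBFUSCATION = re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)

ANCHOR = re.compile(r"<a\b[^>]*href\s*=\s*[\"']([^\"']*)[\"'][^>]*>(.*?)</a>", re.I | re.S)


def _line_of(text, pos):
    """1-based line number of character offset `pos` in `text`."""
    return text.count("\n", 0, pos) + 1


def scan_text(text, name="<input>"):
    """Return a list of (file name, line number, reason) for suspicious spots in one file."""
    findings = []
    for m in HIDDEN_CONTAINER.finditer(text):
        n_links = len(ANCHOR.findall(m.group(3)))
        if n_links:  # a hidden block is only interesting if it carries links
            findings.append((name, _line_of(text, m.start()),
                             f"hidden {m.group(1).lower()} containing {n_links} link(s)"))
    for m in OBFUSCATION.finditer(text):
        findings.append((name, _line_of(text, m.start()), f"obfuscated PHP: {m.group(1)}("))
    for m in ANCHOR.finditer(text):
        href, label = m.group(1), m.group(2)
        if SPAM_TERMS.search(href) or SPAM_TERMS.search(label):
            findings.append((name, _line_of(text, m.start()), f"spam anchor: {href}"))
    return findings


def scan_theme(theme_dir):
    """Scan every PHP/HTML/JS file under a theme directory (e.g. wp-content/themes/mytheme)."""
    findings = []
    for path in sorted(Path(theme_dir).rglob("*")):
        if path.is_file() and path.suffix.lower() in {".php", ".html", ".js"}:
            findings.extend(scan_text(path.read_text(errors="replace"), str(path)))
    return findings


# Constructed sample: a theme footer with a hidden link block and an eval'd payload appended.
SAMPLE_FOOTER = """<?php wp_footer(); ?>
<div id="footer">
  <p>&copy; 2009 <a href="http://example.com/">example blog</a></p>
</div>
<div style="display:none"><a href="http://spam.example/buy-viagra">cheap viagra</a> <a href="http://spam.example/loans">home loan</a></div>
<?php eval(base64_decode("ZWNobyAnaGknOw==")); ?>
</body></html>
"""

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    results = scan_theme(target) if target else scan_text(SAMPLE_FOOTER, "footer.php")
    for name, line, reason in results:
        print(f"{name}:{line}: {reason}")
```

Run it as `python scan_theme.py wp-content/themes/yourtheme`; with no argument it scans the built-in sample. Every hit is a line to compare against a clean copy of the theme from the original download, and a hit on `eval(base64_decode(` is a reason to assume the rest of the install is touched as well, not just the theme.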
This has happened to other sites I’ve been managing (specifically to Global Voices over the years), and I’ve learned a lot about hardening your server and WordPress installation to help solve the problem. The #1 piece of advice is of course KEEP YOUR WORDPRESS INSTALLATION UP TO DATE, NO MATTER WHAT. In the case of my personal site (as opposed to sites I manage professionally, which I deal with much more carefully, because they are more important) I was doing a halfway version of this by keeping my very old but theoretically still secure copy of WP 2.0.x up to date. This is the legacy branch (the current branch is 2.7.x) that was supposed to offer long-term security support, but it seems that is no longer the case. I loved having the bragging rights of being the only person in a room with even 100 WordPress users who had such an old but still secure version (well, except David Peralty), but obviously staying secure is much more important.
If you’re still running 2.0.11 I strongly recommend you give up and get on the normal upgrade schedule now; it seems to have been compromised.
Full details of how to clean up a hacked site below: