Wednesday, October 8th, 2008

Need help protecting my blog

Filed under: — Daniel Lemire @ 16:29

As some of you noticed, this blog keeps on getting hacked. I need help.

  • I have the latest version of WordPress. I have changed the password and I did my best to find any backdoor.
  • I do not think anyone can modify the PHP files because they are not writeable on the server.
  • In the latest hacks, they update the content of my post with hidden spam. That is, the spam appears directly in my relational database. It appears that, indeed, the PHP files are not modified. It also appears that they are only able to update the latest posts. Indeed, only 3 posts had spam in them. Surely, if they could have done more, my entire database would be filled with spam right now.

So, what should I be looking for?

I think there must be at least one backdoor left. I have checked that when I write a new post, the spam is not automatically inserted. So, the post must be updated a bit later.

This is very scary and annoying.

Update: My current best guess is that only a few blog posts were modified because I changed my password and removed the default admin user just in time. If so, I am very lucky because the spammers could have infected all of my content. Indeed, it appears that none of my recent posts have been spammed. Of course, it could be just a matter of time…

4 Comments »

  1. It seems you are having SQL injection problems. If you have logs, check when they were “updated” and the PHP requests before.

    Good luck!

    Comment by luis — 8/10/2008 @ 22:21

  2. I’m no WordPress expert and only have a very general comment, but you may want to install Nessus and inspect your server from the outside.

    Comment by David — 9/10/2008 @ 8:07

  3. Luis had the same idea I had: SQL injection. Grepping logs should help narrow down what happened; if you are on the latest WP, this is something a lot of people will want to know / fix.

    Also, is your personal machine safe?

    Comment by Daniel Haran — 9/10/2008 @ 9:36

  4. If it can help against spam. There’s surely something equivalent in PHP.

    http://blog.madskristensen.dk/post/Simple-method-to-avoid-comment-spam.aspx

    Comment by Anonymous — 12/10/2008 @ 13:05
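
The log check suggested in comments 1 and 3, as an added example (not code from the post or its commenters): given the modification times of the spammed posts, it lists the PHP requests logged shortly before each one. It assumes Apache combined-format access logs and times read from the `post_modified_gmt` column of `wp_posts`; the log lines, IP addresses and timestamp below are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: Apache combined-log lines (documentation IPs), not the blog's real logs.
# One line uses a +0200 offset to show that offsets are normalised before comparing.
SAMPLE_LOG = '''\
198.51.100.7 - - [08/Oct/2008:13:00:00 +0000] "GET /blog/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Oct/2008:14:57:30 +0000] "GET /blog/style.css HTTP/1.1" 200 800 "-" "Mozilla/5.0"
203.0.113.9 - - [08/Oct/2008:14:58:40 +0000] "POST /blog/wp-login.php HTTP/1.1" 302 0 "-" "-"
203.0.113.9 - - [08/Oct/2008:16:59:03 +0200] "POST /blog/wp-admin/post.php?action=edit HTTP/1.1" 302 0 "-" "-"
198.51.100.7 - - [08/Oct/2008:15:30:00 +0000] "GET /blog/feed/ HTTP/1.1" 200 900 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse_log(text):
    """Yield (time, ip, method, path, status) for each parseable log line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the triage
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield ts, m["ip"], m["method"], m["path"], int(m["status"])

def requests_before(log_text, modified_gmt, window_minutes=5):
    """Map each post modification time (UTC, 'YYYY-MM-DD HH:MM:SS') to the
    PHP requests received in the window_minutes leading up to it."""
    rows = list(parse_log(log_text))
    hits = {}
    for stamp in modified_gmt:
        end = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        start = end - timedelta(minutes=window_minutes)
        hits[stamp] = [
            r for r in rows
            if start <= r[0] <= end and r[3].split("?")[0].endswith(".php")
        ]
    return hits

if __name__ == "__main__":
    # Constructed modification time standing in for one spammed post.
    for stamp, rows in requests_before(SAMPLE_LOG, ["2008-10-08 14:59:04"]).items():
        print("post modified at", stamp, "UTC")
        for ts, ip, method, path, status in rows:
            print("  ", ts.isoformat(), ip, method, path, status)
```

The same source address recurring before every modified post, or a request to a PHP file that is not part of the WordPress install, is where to look next.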
