I was hacked by a spammer

Thursday, 25 September 2008, 17:07

Not on this blog, but over on Six Great States.  What a friggin’ PITA that was!

There had been some weird stuff going on a while ago, where the domain redirected to a video game site.  But I never saw that, Kat told me about it, and by the time I checked it out, everything was fine.  Then I all but forgot about it.

Then yesterday, I was rearranging some stuff on that blog’s templates.  I opened up the footer template in WordPress, and I was horrified to see that someone had put a zillion porn links in it!  They were not visible on the actual blog, but visible in the source code, so that the Googlebots could pick them up.  And since they were in the footer template, that meant that this crap was on Every Single Page of the blog.

This is what I get for NOT upgrading my WP when I should.  But I like the older version better.  But not better than getting hacked!  The newer versions have more built-in security.

I searched around for info on this and how to fix it, and came upon two articles that I bookmarked:

Did your WordPress site get hacked?

My WordPress blog got hacked by a spammer

They were a big help in finding out how this happened, and how to fix it so it’s less likely to happen again.

At the time, I was waiting for Mike to come home, so we could go out to dinner.  So I simply changed the password and cleaned up the spam.  When we got home, I set to work on upgrading and all.

First of all, I did find that back door in my index.php file.  This is what it was supposed to look like:

This is what it looked like after the hacker hit it:

What country is .in?  India?  Indonesia?  Doesn’t really matter, anyone who does this, no matter where they come from, is scum.

So I got rid of that right away.  Then I went into MySQL, and saw that the bastard had set up another user for the blog…which was NOT visible on my WP dashboard!  I also had to go in there to change the password, so that it would work after I did the upgrade.

After I did all of the MySQL stuff, I went and did the upgrade.  I’ve done WP upgrades before with no problems, so I wasn’t that worried.

But then it asked me to log in again.  I put in the new password, it wouldn’t let me log in.  Reset the password, changed it in MySQL, still wouldn’t work.  Lather, rinse, repeat.  Still nothing.

So I hit the WordPress support forums for help.  Yep, others have this problem, too.  I tried everything suggested, nothing worked.  What finally did work was to actually remove all of my plugins from the server.  I knew I was supposed to disable them, and I thought that was enough.  But I guess not.  Once I was finally able to login, let WP do the database upgrade, and complete the installation, then I uploaded them back and enabled them.

Meanwhile, I was getting comment spammed to death on some old post on that blog, one about Ted Kennedy and his brain cancer.  This is what happens without the Akismet and Comment Timeout plugins.  The guys who created those deserve medals!

Fucking spammers/hackers.  I say we round them all up and stone them to death.  But how about using cans of Spam instead of stones.  See, I finally found a good use for that nasty crap! ;)

But now that I figured all of this out, upgrading all of my other blogs that need it, checking for back doors, etc., should go much faster.  At least I hope so!