Rumblings, Ruminations, and Retrospectives

Musings from the mind of the Beast.

By

Well, this is interesting…

… I’m sitting at home tonight, and my good buddy (you might want to read his blog) texts me and tells me that my blog (yes, the one you’re reading right now) is broken.

Ludicrous, I say to myself. Impossible.

So, I come to the site, and lo and behold, I get a “page not found” error. This is bullshit, I think. I haven’t touched it in weeks (something I’m hoping to correct with more postings) so how is it broken?

I get looking around. The site actually loads – I can see the title in my browser, but before any content is displayed, I’m redirected off to what can only be a malicious site. I reload and stop the browser from loading before it redirects – and I find somehow there’s a new post that’s been added, but it’s hidden. It also contains a malicious script that does the redirect to the new site.

So I get hunting. Hmm… I can’t see the post in the admin panel. Of course, it’s hidden. No worries, I have automatic back ups of the blog done, so I’ll restore from one right before the post was made. Well, they stopped working too. So I think… if the post is hidden, will WordPress even see it? It can’t from the Admin panel, so let me export all the posts.

Sure enough, the malicious post is nowhere to be found in the export. I go into the database manager, empty out the post table, and the site now works. It’s empty, but at least the theme comes up. Then I re-import the posts, and we’re golden!

It makes me ask though… there’s obviously an export done. There’s nothing of mine that was compromised. My username/password is ok – there’s nothing in the logs to show it’s been used. So how did they do a database injection without it? I have no idea. Someone out there is good. Very good.

But if they’re so smart, why are they trying to hack a blog that hasn’t been updated in a few months, and the amount of traffic they’d get redirected to their site is minimal? Not so brilliant – not that they’re going to gain anything out of it. All that effort for nothing.

Well, I guess they got me to waste an hour and a half on it. At least I have a TV in here now and there’s a decent movie on. 😉

Leave a Reply

Your email address will not be published. Required fields are marked *