My Compromised Blog
I was doing some general cleanup around the blog. (Considering widgetizing the sidebar...) I re-validated the XHTML, and some errors came up. The following code was inserted into the content of a post. (Which is contained inside a MySQL item.)
CD and DVD films available for download at download movies site, cheap prices and fast downloading.
The evil little snippet above says that humans won't be bothered with the link, but search engines will notice it. Also, the following was actually inserted into my theme's index.php.
Just like the prior snippet, humans won't see the link, but search engines will.
It's hard to describe how annoying this is. Somebody/bot found a way to compromise my blog's directory and its database. I only sftp and ssh to the site. (Although in the past I have ftp'ed. No more!) I thought I chmodded the wordpress files to -rw-r-----, but I see now that there are more extensive write permissions in some directories.
I checked the last few logins, but they were all mine this month. (And my host clears the log every month.) I have to monitor the situation closely.
Ye gods, the referrer spam goons are aggressive! Aargh!
CD and DVD films available for download at download movies site, cheap prices and fast downloading.
The evil little snippet above says that humans won't be bothered with the link, but search engines will notice it. Also, the following was actually inserted into my theme's index.php.
Just like the prior snippet, humans won't see the link, but search engines will.
It's hard to describe how annoying this is. Somebody/bot found a way to compromise my blog's directory and its database. I only sftp and ssh to the site. (Although in the past I have ftp'ed. No more!) I thought I chmodded the wordpress files to -rw-r-----, but I see now that there are more extensive write permissions in some directories.
I checked the last few logins, but they were all mine this month. (And my host clears the log every month.) I have to monitor the situation closely.
Ye gods, the referrer spam goons are aggressive! Aargh!