Hacked Again…!

A short while ago this site was hacked in the backend by a script kiddie exploiting a vulnerability through swapping out the default theme. Harmless, but I spent a good while figuring out what they’d done and how, to be able to block it and prevent it happening again.

This time I’ve been hacked by some pro-Palestinian group or something – weird, as I’m heading out to Saudi Arabia in a few days’ time and nowhere does this blog mention anything about the Middle East or politics. I didn’t spend half as much time fixing this one. In fact I must thank the previous hacker for enlightening me – each subsequent hack makes me analyse my security more.

These cyber-jihadis were more capable, in that they had changed my password and default email. Thankfully I googled and quickly found a useful blog post from Mahesh Kukreja for restoring my login. It seems that the hacker had exploited a known vulnerability in WordPress that had not been fixed in my implementation (despite it being the latest version).

I’ve blocked the IP address and the exploit (using a security logs plugin), as well as employing the fix in my login PHP.

Once I was into my dashboard, I quickly checked that nothing else had been touched, reset my password, updated the current theme (which purged their changes), and modified my security settings and .htaccess file.

Since he had been kind enough to leave his email address, I also pinged him a quick email to inform him he was a twat. Probably stepped over the line – I’ll learn one day.

Slow Blogging

Imagine that!

I’ve tried doing the whole rapid-fire blogging thing. In the past, elsewhere, the most I could manage was 2 posts a day, but the thing you find is that you have little time for much else.

As my life has expanded to take on important things like marriage, church, hobbies and work, blogging has become less important – especially when most things I find can be condensed into a tweet.

I suspect a lot of bloggers who are slowing down are in the same category as me. Those that have not attracted big advertisers or have more important things to do in real life just don’t have the gumption any more.

And you know what, I realised a long time ago that I don’t have the time or attention span to take in all those 50-a-day bloggers either. Which is why I started cutting them out of my feed in favour of slower blogs a long time ago – advertisers take note!

Site Hacked

Update: for clarity, now that my head is a bit clearer after a 48-hour flu…

Well, it seems like some script kiddie had decided to target my website whilst I was lying in bed all day yesterday with the flu and completely unaware.

Despite the WP software being completely up to date they found a way in, and I’m still working on the exact method of entry. I’m assuming they somehow gained my password and accessed the site via my account, but it could be a sophisticated injection – since nothing else seems to have been touched so far.

It seems they were able to replace the current theme with the default one, then simply overwrite index.php with their own HTML. I checked my stats and found some suspicious URL requests which were not in my blacklist – they are now added.

I’ve done some security hardening of the website today, with some more stringent security measures. Though I’m aware there’s no such thing as 100% invulnerability, the purpose is really to make hacking this domain not worth it. This is a ‘hobby’ site after all; there’s not much kudos to gain from pwning this domain – hence my suspicion that it was a script kiddie above all else.

Good reminder for frequent backups, I guess.

Warning: Blog Temporarily Subject To Change!

It’s going to take me a while to set up this blog just how I like it, as well as get the right set of widgets, so please be patient when you find yourself coming back and seeing something completely different!

Cheerio, Wes.

Happy New Year!

Hey, I got a new domain: www.wafitz.net. I haven’t done anything with it yet, but I intend to start moving ‘operations’ over there: this blog, maybe a static webcam, geocaching-related stuff. And I’m working on a weekly(?) podcast with my brother-in-law – we’re just ironing out the technicalities.

Speaking of domains and online activity: ever since I did my first egosurf (way back when we were all surfing web 1.0 on 56k dialup, Google was a sound a baby would make, email was the fastest way to communicate and AOL was a formidable giant of the web), this website is what drew in the top results. The image of the little girl has been “picture of the week” for the last 300 weeks. The whole website has never changed since it’s been up, and yet it still gets significant ranking when I google my name.

Of all the daft forum posts, stupid blogs and other nonsense I’ve done online, I’d rather anyone see those than mistake fitzweb.org for one of my achievements. I am probably not helping by linking to it, and it’s probably bad form to even discuss it like this, but it’s something that’s bothered and haunted me for years, so I felt maybe it’s time to clear up any confusion.