Hacked Again…!

A short while ago this site was hacked in the backend by a script kiddie exploiting a vulnerability through swapping out the default theme. Harmless, but I spent a good while figuring out what they’d done and how, to be able to block it and prevent it happening again.

This time I’ve been hacked by some pro-Palestinian group or something – weird, as I’m heading out to Saudi Arabia in a few days’ time and nowhere does this blog mention anything about the Middle East or politics. I didn’t spend half as much time fixing this one. In fact I must thank the previous hacker for enlightening me – each subsequent hack makes me analyse my security more.

These cyber-jihadis were more capable, in that they had changed my password and default email. Thankfully I googled and quickly found a useful blog post from Mahesh Kukreja on restoring my login. It seems that the hacker had exploited a known vulnerability in WordPress that had not been fixed in my installation (despite it being the latest version).

I’ve blocked the IP address and the exploit (using a security logs plugin), as well as applying the fix in my login PHP.

Once I was into my dashboard, I quickly checked nothing else had been touched, reset my password, updated the current theme (which purged their changes) and modified my security settings and .htaccess file.

Since he had been kind enough to leave his email address, I also pinged a quick email to inform him he was a twat. Probably stepped over the line – I’ll learn one day.

Posting from Android

I’m posting this from my Android phone with the WordPress app. Neat huh?

Normal posting will resume as soon as I can find time to sit down and focus.

Geocaching Log Feed Added

Since I am limited to Blogger for publishing our “My Finds” PQ, I’ve used a WordPress widget to add a link to the latest posts here.

You can find them on the Geocaching page.

Site Hacked

Update: for clarity, now that my head is a bit clearer after 48-hour flu…

Well, it seems like some script kiddie had decided to target my website whilst I was lying in bed all day yesterday with the flu and completely unaware.

Despite the WP software being completely up to date they found a way in, and I’m still working on the exact method of entry. I’m assuming they somehow gained my password and accessed the site via my account, but it could be a sophisticated injection – since nothing else seems to have been touched so far.

It seems they were able to replace the current theme with the default, then simply overwrite the index.php with their own html. I checked my stats and found some suspicious URL requests which were not in my blacklist – which are now added.
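As an added illustration (not part of the original post or of any plugin the author used), here is one way to automate the “check the stats for suspicious URL requests” step: a Python script run over constructed Apache access-log lines that flags theme switches, use of WordPress’s built-in theme editor and repeated login POSTs from one address, then emits an .htaccess fragment denying the offending IPs. The log lines, the 203.0.113.x / 198.51.100.x addresses, the login threshold and the path patterns are all assumptions made for the example.

```python
import re
from collections import Counter

# Constructed Apache "combined"-format lines for illustration only
# (not the blog's real traffic). 203.0.113.7 plays the attacker.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2012:03:12:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1743 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2012:03:12:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1743 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2012:03:12:03 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2012:03:12:09 +0000] "GET /wp-admin/themes.php?action=activate&template=twentyeleven HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2012:03:12:15 +0000] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2012:03:14:20 +0000] "GET /2012/03/geocaching-log-feed-added/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2012:03:14:25 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Apache combined log format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Requests that, on a one-author hobby blog, mean someone is changing the
# site rather than reading it: switching theme and editing theme/plugin
# files through the dashboard (the steps described in the post above).
SUSPICIOUS = [
    (re.compile(r'^/wp-admin/theme-editor\.php'), 'theme file edited via built-in editor'),
    (re.compile(r'^/wp-admin/plugin-editor\.php'), 'plugin file edited via built-in editor'),
    (re.compile(r'^/wp-admin/themes\.php\?.*action=activate'), 'theme switched'),
]


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec['status'] = int(rec['status'])
    return rec


def analyse(log_text, login_threshold=3):
    """Return the suspicious requests found and the sorted list of IPs to block.

    login_threshold is an assumed cut-off: this many POSTs to wp-login.php
    from one address is treated as password guessing.
    """
    findings = []          # (ip, path, reason)
    login_posts = Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec['method'] == 'POST' and rec['path'].startswith('/wp-login.php'):
            login_posts[rec['ip']] += 1
        for pattern, reason in SUSPICIOUS:
            if pattern.search(rec['path']):
                findings.append((rec['ip'], rec['path'], reason))
    for ip, n in login_posts.items():
        if n >= login_threshold:
            findings.append((ip, '/wp-login.php', f'{n} login POSTs (possible password guessing)'))
    block_ips = sorted({ip for ip, _, _ in findings})
    return {'findings': findings, 'block_ips': block_ips}


def htaccess_deny(ips):
    """Apache 2.2-style .htaccess fragment denying the given addresses."""
    lines = ['Order Allow,Deny', 'Allow from all'] + [f'Deny from {ip}' for ip in ips]
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    result = analyse(SAMPLE_LOG)
    for ip, path, reason in result['findings']:
        print(f'{ip:16} {reason:45} {path}')
    print(htaccess_deny(result['block_ips']))
```

Run against the constructed lines, it reports the theme switch, the theme-editor POST and the three login POSTs from 203.0.113.7, and leaves the ordinary visitor at 198.51.100.4 alone. Blocking an address is reactive; the attacker’s tool in this story was the dashboard file editor, and WordPress lets you remove it outright with `define('DISALLOW_FILE_EDIT', true);` in wp-config.php.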

I’ve done some security hardening of the website today with some more stringent security measures. Though I’m aware there’s no such thing as 100% invulnerability, the purpose is really to make hacking this domain not worth it. This is a ‘hobby’ site after all; there’s not much kudos to gain from pwning this domain – hence my suspicion it was a script kiddie above all else.

Good reminder for frequent backups, I guess.