On Being Hacked

Sat Sep 12, 2009

If you visited here two days ago, you may have noticed that I had decided to start linking to several thousand sites selling cheap pharmaceuticals. Rather than a bold business decision, this was the result of an SQL-injection bug, which WordPress, even the latest version (if you don’t take certain precautions, and probably even then), is vulnerable to.

To the best of my knowledge, it’s all cleared up, though Google is not indexing my site, and I ended up nuking several old course blogs even though I don’t think they were necessarily infected. What’s even more comforting is that the attack originated from my own host.

I’d say that at least a thousand blogs are infected with this particular spam network, and search engines are hammering my site with links from them. The links themselves no longer do anything other than load my main page, and I should figure out a way to selectively block access from them (they use a predictable identifier).

As far as I know, I was infected by a PHP exploit from a file left over from a 2005-era theme installation. Since the WordPress upgrade process won’t clear those out automatically, I’d strongly encourage anyone in a similar situation, or who uses my oneiric hosting service in particular, to be careful.