Well that was fun …

September 8, 2011 by Dave Haynes

I love the speed, efficiency and flexibility of the WordPress content management system for bloggers.

But it is an open source platform, and that means there are a few bad apples out there who delight in messing up the good work done by the thousands of people who develop plugins that do cool things on blog sites.

One of those plugins, called timthumb, dynamically resizes images. It also, it turns out, serves as a nice little back door for hackers: a flaw in older versions lets an attacker plant files of their own on the server.

This site, and many others, got hacked. It is perhaps the third time (we’re not sure), but this was the first time an attack flat-out took Sixteen:Nine down.

I was speaking with a very, very smart guy who runs a digital signage software company, and his site also got hacked the other day. It was likely the same script, and the results were nasty: little malevolent files left in directories here, there and everywhere.

He started over. And so did I. It was time for a new design and structure to allow me to build in some different things. One of the main page features on the old WordPress theme was broken, and the developer (in Ireland) was too slammed with other stuff to get it fixed. The hackers did me a favor (yeah, right).

So … this is the new look. It will be tweaked and tweaked, but I am pretty happy with the results of five hours of overnight fiddling and resuscitation. I could not even get at the existing database, but I luckily had a pretty recent backup. There are scores of broken image files but everything else seems intact. I need to backfill a few more posts from recent weeks, but that’s about it.

My apologies for being offline for a bit. Some good lessons learned about vulnerabilities and backups. That will have to do for the silver lining thing.

If you run on WordPress – and millions and millions of websites do – have someone check for old copies of timthumb and for files that don’t belong, and close the back door.
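As an added example (not code from the original post, and not timthumb’s own code), here is a small POSIX shell sweep a site owner could run over a WordPress document root: it finds every copy of timthumb.php (themes and plugins each bundled their own, so one site can carry several), reports the version string each one declares, and lists PHP files sitting under wp-content/uploads, where only media belongs. The sample tree it builds, the version number in it, and the assumption that timthumb declares its version with a define('VERSION', ...) line are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post: a quick sweep of a WordPress tree
# for the two things this incident involved, copies of timthumb.php and
# stray PHP files dropped where only uploads belong.

# Print "path version" for every timthumb.php (or its common rename thumb.php)
# below the directory given as $1. The version is read from the
# define('VERSION', '...') line the script carries (assumption about its
# source); "unknown" when no such line is found.
find_timthumb() {
  find "$1" -type f \( -name 'timthumb.php' -o -name 'thumb.php' \) | sort |
  while IFS= read -r f; do
    v=$(grep -oE "define *\( *'VERSION' *, *'[^']*'" "$f" | head -n 1 |
        sed -E "s/.*'([^']*)'\$/\1/")
    printf '%s %s\n' "$f" "${v:-unknown}"
  done
}

# List PHP files under wp-content/uploads below $1. WordPress stores media
# there, never code, so a .php file in that tree is a strong sign of a
# dropped shell or loader.
find_php_in_uploads() {
  find "$1" -type f -path '*/wp-content/uploads/*' -name '*.php' | sort
}

# Build a constructed sample tree standing in for a real install (not real
# data): one old timthumb copy inside a theme and one planted PHP file under
# uploads. Prints the temporary directory so callers can sweep it.
make_sample_site() {
  d=$(mktemp -d)
  mkdir -p "$d/wp-content/themes/oldtheme/scripts" "$d/wp-content/uploads/2011/09"
  printf "<?php\ndefine ('VERSION', '1.33');\n" > "$d/wp-content/themes/oldtheme/scripts/timthumb.php"
  printf 'not really a jpeg\n' > "$d/wp-content/uploads/2011/09/photo.jpg"
  printf '<?php /* planted by the intruder (constructed) */ eval($_POST["c"]);\n' > "$d/wp-content/uploads/2011/09/cache.php"
  printf '%s\n' "$d"
}

# Stand-alone run: sweep the sample tree, print the findings, clean up.
site=$(make_sample_site)
echo "timthumb copies:"; find_timthumb "$site"
echo "php under uploads:"; find_php_in_uploads "$site"
rm -rf "$site"
```

Point the two functions at the real document root instead of the sample tree. Every timthumb copy it lists should be replaced with a current version or removed if the theme no longer needs it, and every PHP file under uploads deserves a look before the site goes back online; neither check replaces a restore from a clean backup, but both are quick enough to run on every site you look after.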

  1. Kevin Golding says:

    Good to have you back in the saddle again, Dave.

  2. Dave Haynes says:

    Yeah, that was just one big barrel of monkeys. I do like, at least, how moving servers had sped up management, and this new design gives me some more flexibility.

  3. DoohGuy says:

    Whatcha running now, Dave, if it ain’t WordPress?

  4. DoohGuy says:

    I see you also enabled comment moderation…. Boo. I hope you won’t become DailyDOOH and start censoring well-written, polite comments that you happen to disagree with 🙂

    *ahem*Adrian*ahem*

    Nice work on the recovery. All in all, a few broken images is not that bad.
