November 16, 2005 5:15 pm

I Got Pwned

:note: nothing

Yes, the rumors are true, something happened to my site. I got “hacked” or “defaced” or whatever they call it now. I’m still not sure where the security breach was because I’m using the latest version of WordPress, and I trust the guy who made the Guestblock. The only thing I’m wary about is my email form (that I have since disabled), since I just used a PHP script provided online by somebody who I don’t think even provides it anymore. I’m not sure if it had form field vaildation performed at any stage (in retrospect, it was stupid to use it if I didn’t know for sure) so I’m figuring that’s where it was.

I do run some other things like PHPquotes and PHPcurrently on my site, but those are password protected, so I don’t think it’s that either.

Anyway, I re-uploaded my index page (that’s the only page that got messed with, as far as I know) and things seem to be running okay.

The last time this happened, it was done by somebody else and I think they got in by using my crappy guestbook. *sigh* Should I send an email to my server people? I doubt it’s their fault, but maybe they could tell me what to do.

I am so infinitely glad that this wasn’t a “Mass Defacement” where they replace every single index page on your site with their weird message. It wouldn’t be as devastating this time around, just because I really don’t have any subdomains anymore, but it’d still be a pain in the ass.

To conclude, I apologize for being an idiot and using an email script that had questionable form field validation. I shall now go memorize Jem’s tutorial about email forms.

File Under: , ,

5 Comments

  • Im glad your back! And tomorrow is Harry Potter, wooooohoooo

  • Trinity says:

    As soon as I bought versteckt-sein, I had that happen. I found it hilarious, though, because the only thing the “hackers” did was upload an index.htm, which of course, just showed up in place of my original index.php because it was higher up alphabetically. You’d really think these morons would try to do something a bit more creative if they went through the effort to find the vulnerabilities. Dumb script kiddies…

  • Script kiddies…little boys who will never get laid unless money is exchanged, and even that is iffy.

  • Jem says:

    Bad news.. it was either phpquotes or phpcurrently (read more here).

    Don’t use my tutorial on forms yet, it is v.basic and I’m in the middle of writing a more advanced one with meta tag injection protection /etc.

  • Meggan says:

    Jem, I totally owe you one. I just figured since they were password protected that they’d be okay.

    And yeah, I wasn’t going to use your form thing until I figured out how to protect it, but that’s cool you’re writing an advanced tutorial. I’ll be hovering around tutorialtastic for it. :)

    Trinity and Bucky – I totally agree.

    And JessicaRabbit, WOOOO! I’m very excited.