hacked?
Crap. Somehow, someone's gotten access to edit my posts on this blog and have crapped in loads of viagra linkspam. I've probably destroyed the evidence already by deleting the spam as soon as I saw it — and as soon as some friendly readers emailed me pointing at more. I've done the obvious, changed my password and tried to lock down the admin pages a bit. But, I don't know who, how, or why. Ugh.
So, my apologies if anyone sees any offers for penis pills around these parts. A heads up would be kindly appreciated as I scour my records and grumble.
Archived Comments
I have heard that wordpress needs to be updated to the security point releases consistently. This is something that I try to stay on top of. Don't remember this being that big a deal with movable type. Could be a design flaw for wordpress, or perhaps PHP.
At one point I was using rsync to synchronize the new default files, and then hitting the dashboard to update the db design if it had changed. last update I did manually since I needed to move some photo links around in mysql. I still think rsync is a good tool for this task. Though lately they have been obseleting some files and they probably shouldn't be left around. what were the permissions on your files?
-tanner
Are you hosting on dreamhost?
http://blog.dreamhosters.com/2007/06/06/dreamhost-ftp-accounts-hacked/
Thankfully no, not on dreamhost. Unfortunately, that means I don't have that excuse. :)