pnotepad.org hacked

Who would want to hack my website?!

It would appear that hacking doesn’t always take the “This site 0WneD by L33t Hax0rs” form, and that WordPress sites in particular are being targeted by spam injection hacks.

A few weeks ago I noticed that the ads on the front page of pnotepad.org were a little odd, lots of drug adverts and nothing programming related. I didn’t really think much about it, however, and moved on to something else.

Yesterday I got a friendly tip-off e-mail (thanks Erik!) telling me that pnotepad.org was serving up adverts and links for various drugs and other unpleasantness. Weirdly, I couldn’t see the problem at all. A little bit of investigation showed that these ads were only showing up if you used Firefox (not Safari or IE), but sure enough they were there.

I spent the rest of yesterday evening undoing the work of the hacker, tying down various parts of the host system, upgrading WordPress and re-doing the customisations used on the pnotepad.org site.

It'll never happen to me.

I had put off upgrading WordPress for a long time due to thinking I’d need to rework various customisations with the upgraded code, and not really knowing how much effort the upgrade would cost me. I learned a lesson there! The hacker got in via well-known WordPress hacks. In the end, the pnotepad.org site didn’t work properly for a few hours - perhaps 10 at most (some while I slept). I wish I had just upgraded earlier.

If you run a WordPress-based site or blog, make sure you are up-to-date! This means you may have to take some pains and use newer versions that you’re not fully sold on, but the alternative is you may end up with a hacked site. You may not even notice at first!

There are some useful pages on hardening your WordPress install here: