I’ve been hacked!

The reason why you haven’t seen any updates to the blog in a while is that it had been hacked.  I don’t know who or why, only the fact of the hacking.  At first I thought it was a problem with my hosting provider, but that turned out not to be the case.

Over 700 PHP files in my blog’s directory had code inserted into them.  The details of the code are a bit over my head and don’t really spell out what it’s supposed to do, but I was able to find some information with the help of Google.  Some details about this attack are on this site, this site, and this site.

I’m still working with Dreamhost to see what I can do to prevent it from happening again.  In the mean time, while I can, I’ll post updates a bit more frequently until I’m caught up.

I did find a great, free utility to help with the cleaning process.  Replace Text by Ecobyte Software.  I was able to feed it a directory of files and have it search for the hacked code and replace it with clean code (thankfully, the hack involved ADDING something and not REPLACING anything).  It worked so well that I wish the author continued to support it with Windows 7 and beyond.

So, look forward to a couple of posts tomorrow.

One Response to “I’ve been hacked!”

  1. [...] I’d blogged previously about the hack that occurred on my site.  Frustrating since I’d not blogged for over a year and everything went fine for three weeks when BAM, I couldn’t do anything.  All the research I had done suggested that this particular hack wasn’t new and would have been fixed long ago (I had sporadically updated the WordPress installation, but hadn’t been too religious about it). [...]