
Far from having a hardcore readership in Russia, I learned the hard way that running a custom WordPress installation invites hackers to manipulate its fallible security measures. It would seem that the variety of users signing up with a .ru address have figured out how to inject PHP code into WordPress, and my 2.8.2 version was riddled with custom JavaScript, PHP code and lots of messages about those little blue pills that can do so much for your sex life. I have to hand it to whoever it was, that they took the time at all to suss out the flaws and use WordPress for such a lofty goal. They even managed to get a PHP file uploaded to the application, which is both alarming and annoying.

In the end, I decided that caution was the best policy, and installed a completely fresh installation of WordPress. I’ve now disabled users (not really sure of the point of them anyway), and added HTTP authentication to my /wp-admin directory. It’s now been a couple of quiet weeks, so I’m taking this to mean victory for now.

I suppose this is the main issue of using open-source software; if you find an exploit, you can cruise around the web, looking for older, vulnerable installations and attack them. The customised code of many of the websites I’ve seen is probably far more vulnerable, but their uniqueness brings a form of security of its own: it’s too much work for script kiddies to figure out the dynamics of every site on the web, and after all, who cares if you hack Dan Garland’s blog; better off chasing after Disney and Microsoft, where all the geek kudos would be.

Clean-up

For anyone out there who has experienced a hacked wordpress installation and wants to clean it up, these are the steps I took:

  1. Download the latest version of WordPress.

    You can find the latest version at http://wordpress.org/latest.tar.gz.

  2. Move or back up your old installation out of the directory Apache is serving.

    Don’t make the mistake of leaving your hacked wordpress somewhere on-line that these pricks can get at it.

  3. Install your new wordpress with a new database

    You could point wordpress at your old installation, but you’re running the risk of leaving some code in a comment or post that will leave your installation vulnerable.

  4. Comb through your old database to remove junk entries, spam and anything that has nasty stuff in it.

    Search particularly for long-entries, or any content not authored by yourself.

  5. Use mysqldump to retrieve the bits of data you want to keep, and import them in.

    I decided to keep posts, comments, tags and categories. I used:

      mysqldump my_db -u user -p wp_links > links.sql
      mysqldump my_db -u user -p wp_posts > posts.sql
      mysqldump my_db -u user -p wp_comments > comments.sql
      mysqldump my_db -u user -p wp_term_relationships wp_terms wp_term_taxonomy > tags.sql


    Barring the odd column here and there that may have changed between versions, this worked for me but gave me the chance to vet what content went back into the database.

    mysql my_db -u user -p < links.sql
    ...
  6. Set a strong admin password.

  7. Set HTTP authentication on your wp-admin directory.
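
The combing-through in step 4 (and the vetting of what goes back in during step 5) is easiest to do with a query rather than by eye. The following is an added example, not code from the original post: a small Python script that pulls out posts and comments that are unusually long, contain the usual injection markers, or were not written by a trusted user, and reports why each row was flagged. It runs against constructed sample rows in an in-memory sqlite database so it works offline; the WHERE clause is the same one you would point at the real wp_posts and wp_comments tables in MySQL. The length threshold, the marker strings and the trusted author id are assumptions to tune for your own site.

```python
import sqlite3

# Triage thresholds and markers; hypothetical choices for this example,
# not values from the original post. Tune them to your own content.
MAX_LEN = 20000            # flag entries longer than this many characters
TRUSTED_AUTHOR_IDS = {1}   # wp_users.ID values you actually own
MARKERS = ["<script", "<iframe", "eval(", "base64_decode", "<?php", "display:none"]

# Constructed sample rows using the real wp_posts / wp_comments column names.
SAMPLE_POSTS = [  # (ID, post_author, post_title, post_content, post_status)
    (1, 1, "Hello world", "Welcome to my blog.", "publish"),
    (2, 1, "Holiday snaps", "Some photos from Cornwall.", "publish"),
    (3, 7, "cheap pills", "<script src='http://bad.example/x.js'></script>", "publish"),
    (4, 1, "Oversized", "A" * 25000, "draft"),
]
SAMPLE_COMMENTS = [  # (comment_ID, comment_post_ID, comment_author, comment_content, comment_approved)
    (1, 2, "Alice", "Nice photos!", 1),
    (2, 2, "bot", "<?php eval(base64_decode('aGk=')); ?>", 0),
]


def load_sample_db():
    """Build an in-memory sqlite database with the two tables we triage."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE wp_posts (ID INTEGER, post_author INTEGER, "
                "post_title TEXT, post_content TEXT, post_status TEXT)")
    con.execute("CREATE TABLE wp_comments (comment_ID INTEGER, comment_post_ID INTEGER, "
                "comment_author TEXT, comment_content TEXT, comment_approved INTEGER)")
    con.executemany("INSERT INTO wp_posts VALUES (?,?,?,?,?)", SAMPLE_POSTS)
    con.executemany("INSERT INTO wp_comments VALUES (?,?,?,?,?)", SAMPLE_COMMENTS)
    return con


def reasons_for(text, author_id=None):
    """Explain why a row was pulled out, so the reviewer knows what to look at."""
    reasons = []
    if len(text) > MAX_LEN:
        reasons.append(f"length {len(text)} > {MAX_LEN}")
    lowered = text.lower()
    reasons += [f"contains {m!r}" for m in MARKERS if m in lowered]
    if author_id is not None and author_id not in TRUSTED_AUTHOR_IDS:
        reasons.append(f"author {author_id} is not a trusted user")
    return reasons


def _candidates(con, table, id_col, text_col, extra_where="", extra_cols=""):
    """Run the candidate query. sqlite only stands in for MySQL here; the
    LENGTH / LOWER / LIKE / NOT IN clauses behave the same on both."""
    likes = " OR ".join(f"LOWER({text_col}) LIKE ?" for _ in MARKERS)
    sql = (f"SELECT {id_col}{extra_cols}, {text_col} FROM {table} "
           f"WHERE LENGTH({text_col}) > ? OR {likes}{extra_where}")
    params = [MAX_LEN] + [f"%{m}%" for m in MARKERS]
    return con.execute(sql, params).fetchall()


def suspicious_posts(con):
    """Return {ID: [reasons]} for posts that need a human look before re-import."""
    trusted = ",".join(str(i) for i in sorted(TRUSTED_AUTHOR_IDS))
    rows = _candidates(con, "wp_posts", "ID", "post_content",
                       extra_where=f" OR post_author NOT IN ({trusted})",
                       extra_cols=", post_author")
    return {pid: reasons_for(content, author) for pid, author, content in rows}


def suspicious_comments(con):
    """Return {comment_ID: [reasons]} for comments that need a human look."""
    rows = _candidates(con, "wp_comments", "comment_ID", "comment_content")
    return {cid: reasons_for(content) for cid, content in rows}


if __name__ == "__main__":
    db = load_sample_db()
    for table, found in (("wp_posts", suspicious_posts(db)),
                         ("wp_comments", suspicious_comments(db))):
        for row_id, why in sorted(found.items()):
            print(f"{table} #{row_id}: {'; '.join(why)}")
```

The point of returning reasons rather than just ids is that the flagged list is a starting point for manual review, not a delete list: a long but legitimate post trips the length check just as a spam post does, so each row is looked at before it is dropped from the dump that gets imported into the fresh install.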
