Twitter Activity for Week ending 2010-02-22

Powered by Twitter Tools

My Blog Has Been Hacked
and What I Did About It

I don’t know about you but I don’t look at my own websites very often. Create a new page or blog post, check it looks OK and move on.

So imagine my surprise and horror when I was checking all my blogs after updating to the latest version of WordPress to discover that this blog had been well and truly hacked. What was interesting was what the hack did which is why I’ve decided to share this with the world rather than bury my head in shame.

When you loaded this site, everything looked normal for about 5 seconds and then you were redirected to another site via what looked like a couple of intermediate/proxy servers. When I first spotted this, I was taken to the listing page for a Chinese TV company which rather shook me as it is not as if my blog is mega popular (I wish!).

Given that in a former life, I founded and ran a very large UK based ISP, I’m used to dealing with hacks such as this. So I fired up an FTP client and logged into my hosting account to see what I could see. I wasn’t expecting to find much in all honesty as I reckoned that any halfway decent hacker would make sure that the date and time stamp on any changed files was the same as the original so as not to arouse suspicion. Having said that, I have seen instances of what we called “script kiddies” who changed things for fun and didn’t care what traces they left behind. Anyway, as I suspected, nothing obvious.

So then I logged into WordPress and decided to change from the K2 theme (1.08 RC) I was running to the default to see whether the hack was theme related or WordPress core specific. And the site worked so the finger was pointing at the K2 theme.

Now that I knew I could stop the hack immediately, I put the K2 theme back and had a play with the site. That was when this hack became interesting. If I clicked on a link within a topic (I have Twitter Tools installed so this was easy to do), I was correctly taken to the linked page. I had just reloaded my blog when the phone rang, and when I looked back, I had been redirected to the link I had just chosen. Further testing showed that this hack always redirected the site to the last clicked link. I’ve not seen this before but I thought/think it was rather neat in a sick kind of way.

Anyway I’ve now upgraded to the latest version of K2 (which was long overdue) and changed the passwords on all my sites as a precaution.

You have been warned!

Twitter Activity for Week ending 2010-02-14

  • Just had a chat with Shaun @giffgaff re my VAT invoice. Suggested they display receipt at end of top up process with VAT number shown. Easy! #
  • New HTC Hero phone has arrived and is charging for next 3 hours (according to the manual). Anticipation is hell! #
  • @jammyf When did you become a Papist 😉 in reply to jammyf #
  • Washing machine just packed up. Why is it almost as much to call out an engineer (with no guarantee of a fix) as it is to buy a new one? #
  • HTC Hero now charged. Time to play 🙂 #
  • HTC rooted and unlocked. Awesome phone exceeding my expectations although setting up multiple gmail a/c’s is harder than on my old XDA IIs! #
  • HTC Hero now twitter enabled using @seesmic. Fantastic! I love this phone. Sad really … #
  • Just set up @WaveSecure HTC Hero. Fantastic way to remotely shut down phone if lost or stolen. It even sends SMS to buddies if SIM changed! #
  • @nocturnalmonkey Are congrats in order? Should we be buying rice to throw at some point? Don’t keep us in suspense! in reply to nocturnalmonkey #
  • On train with family to visit Planetarium. How can London Midland charge £34 for a family ticket on a Sunday? What a rip off. #

Powered by Twitter Tools

Twitter Activity for Week ending 2010-02-07

  • Just sent out invitations to a dinner with the Coopers Livery. Hope they can come #
  • Been asked if I know anyone who can speak at a gala dinner for the lighting industry – just as I get involved in said industry. Meant to be? #
  • Forgot to mention my mobile no was transferred into @giffgaff today as promised. Great service so far. Now just need VAT invoice to arrive. #
  • Just discovered ceTwit – a halfway decent Twitter client for Windows Mobile #
  • And then i find @PockeTwitDev which an even better Twitter client as you can have multiple accounts. Brilliant! #
  • @PaulDJohnston 3rd?! Wow! Still congrats to you and Caroline 🙂 in reply to PaulDJohnston #
  • @marketingwizdom Hardly surprising. Who buys a phone you can't play with first in a shop? Google goofed. I want one but I won't risk it. in reply to marketingwizdom #
  • Playing with @Hootsuite. Bookmarked it last night then saw @marketingwizdom was using it so thought I'd better check it out tout suite 🙂 #
  • @sueblakePR Et tu ma cherie! Long time no speak. Trust all is well. in reply to sueblakePR #

Powered by Twitter Tools