A month or so ago (was it really only a month ago?), while I was working at the conferences in Providence, someone found a way to get inside my WordPress installation. It started with an email from Dad, telling me my page lead to an oriental porn gateway. Yeah, real cute. Cleaned that up quick, but didn’t have time to do much of a security review. Sure enough two weeks later files were modified again. Still no real time for review what with visiting family, school projects, work… hell the blog was becoming more like a job. That’s not cool. I did do a quick search and saw that it was probably an old security problem (keep up to date!) that was fixed in the latest releases. So I upgraded the WordPress files to 2.5, in place on the server. Same users, MySql database etc. A week later…same thing again. Definately no time then…finals around the corner, final projects due… DVD needed to get done for a UN presentation.
Finally in the gap between end of exams and family celebrations the week of the 19th I decided enough was enough though. I exported all the entries. Gzipped up all the files in the account, dumped it to the laptop and then deleted the whole damn thing off the server.
Dreamhost has a great one-click installer for WordPress that I used to reinstall WordPress to the domain running on a new database. A few minutes later and the entries were imported back in, with the old account names (new passwords) in place and I started re-uploading the files that were not covered by the import/export. (my “theme”, plug-ins, etc).
I took my time about it, checked every file I re-uploaded (lots of graphics mostly – OSX’s Quicklook rocked that task!) and did some testing, but it appears, everything is working just as it was. It’s running now on the latest greatest WordPress, with updates being now extremely easy to perform thanks to Dreamhost’s updater
One click…done.
So are the Asshats gone for good? Who knows, but I have a clean, known working point with a limited set of reviewed plugins so if they come back it will be easier to eliminate how they got in. It has been over two full weeks with no sign of them either.
Post a Comment