Thankfully it wasn’t anything serious. I can manage to find a few bits of stealthed code; it’s been taken care of.
How did this happen? Let’s look at the attacker’s IP address (since everything that hits the site is logged). I do a “whois” search on the IP address and find that it’s assigned to a company in California that uses Bluecoat web proxy filtering. Ding ding ding, there’s the problem right there.
Most likely what happened is that someone found a weakness in one of their proxy servers (which are notorious for having weaknesses) and used it as a portal to launch an attack on my website, which was to add a few lines of hidden code where I wouldn’t notice it, but would cause redirects to sites with ads for that person’s personal benefit. Chances are if they had done something drastic, I would have noticed earlier.
This is a perfect example of why people need to learn more about security… I will be upgrading my WordPress engine shortly. Again, sorry if you got redirected, and God help whoever hacked it if I ever find out who it was (not likely).


February 3rd, 2010 at 1:35 pm
u got powned!!!
On a lighter and more positive note, I made the blogroll. I feel special. Now, I just need to add you to mine.
February 3rd, 2010 at 9:46 pm
Thanks for adding me, Jeff. I’m honored to be in the growing list of thinker blogs you link to… I’ll try my best to not disappoint!