Looks like we finally found our evil hacker, and I spent the better part of the evening doing cleanup of forum spammers.
It was nothing personal. We were the target of a widespread WP hack. The drug company hack also nailed many university websites.
For security reasons, all blog registrations are now subject to approval.
If you have any trouble registering to comment, no problem. Just click the handy CONTACT form above, and I will set up an account for you.
It’s possible some legit accounts were affected by the mass deletions. If you suddenly find yourself unable to log in or comment, please contact me.
Web Goddess DC McQueen knew there was some kind of code being inserted into our system, but where?
I began to be suspicious of a large number of registrations on the blog recently, so I did some research. The spammers are a common feature of this hack. After registering, the hacker makes themself an admin and then inserts malicious code into your system. As I wrote, we could not find the code in our files, but lookie where we did find it:
Right there in the member registration!
Naturally you should be sure to look in your FTP files for suspicious code. One person told me he found the code in his WP Supercache file.
Certainly didn’t expect to find it in member info.
I apologize for the inconvenience, but all WP systems are vulnerable to this attack. On your own blogs, watch your member registrations. You may find yourself locked out of your own system when someone makes themselves an admin.
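One way to run that kind of check on your own blog, as an added example (not part of the original post and not WordPress code): a short Python script that scans an exported user list for markup in profile fields and for administrators you did not appoint. The field names, the sample records and the admin allowlist are all constructed assumptions.

```python
import re

# Markup that has no business in a profile field: HTML tags, inline
# event handlers (onload=, onclick=, ...) and javascript: URLs.
# This is a heuristic; expect the odd false positive (e.g. "?onsale=1" in a URL).
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z!]|\bon\w+\s*=|javascript\s*:", re.IGNORECASE)

# Hypothetical field names for an exported user list.
TEXT_FIELDS = ("login", "display_name", "url", "bio")

# Constructed sample records, not real accounts.
USERS = [
    {"login": "siteowner", "display_name": "Site Owner", "url": "",
     "bio": "Artist and writer.", "role": "administrator"},
    {"login": "reader42", "display_name": "Jane Reader",
     "url": "http://example.org", "bio": "", "role": "subscriber"},
    {"login": "xk39dpq", "display_name": "xk39dpq", "url: ".strip(": ") : "",
     "bio": "<script src='//example.invalid/x.js'></script>",
     "role": "subscriber"},
    {"login": "pharm_deals", "display_name": "pharm_deals", "url": "",
     "bio": "", "role": "administrator"},
]

# Accounts you know should be administrators (assumption).
KNOWN_ADMINS = {"siteowner"}


def markup_fields(user):
    """Return the names of profile fields that contain markup-like text."""
    return [f for f in TEXT_FIELDS if SUSPICIOUS.search(user.get(f, ""))]


def audit(users, known_admins):
    """Return (login, reason) findings for a list of user records."""
    findings = []
    for user in users:
        for field in markup_fields(user):
            findings.append((user["login"], f"markup in {field}"))
        if user.get("role") == "administrator" and user["login"] not in known_admins:
            findings.append((user["login"], "unexpected administrator"))
    return findings


if __name__ == "__main__":
    for login, reason in audit(USERS, KNOWN_ADMINS):
        print(f"{login}: {reason}")
```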
I am sincerely sorry if I deleted any legit account.
The best way to make sure you are not deleted in a future security sweep is to PLEASE use a name, not just a user name. You do not have to use your real name. However, spammers are less likely to use names.
It’s super easy to use, and helps me to identify a legit account. We have a fun and interesting community, and I will do everything I can to discourage the spammers, hackers, trolls, and other internet vermin. Thanks for your patience and understanding.

And that little picture of Liana is a gravatar. You do not need to upload an image from your computer. If you find something on the net, you can use that, too. I don’t have a problem if you use ADS images as gravatars.
but… I *like* my little black and white art deco rorschach blot!
LOL! Well, I won’t delete you by accident. I have your name! MWUHAHAHAHA!
I’m surprised (shocked, really) that WP allows JavaScript, or any code for that matter, to be injected into any input field. This is a very old way to subvert web forums and most of them automatically strip out or modify anything in ‘s to prevent it.
Since WP has such a large market share in blog software, I’m very surprised that a) someone hasn’t tried this attack before now and b) the WP software even made it past QA without someone noticing it.
Heh, looks like WP modified my post to remove what I was describing. Let’s try again – most software will remove anything in greater than or less than characters to block this kind of attack.
I did not know that! But I will definitely keep an eye out for this sort of thing.
Snaps to DC McQueen. She has been very patient helping me to understand much of this new stuff, and I now have enough confidence to do things on my own. I was able to find the info online to track down the hacker. We knew we had one, but it never occurred to me to look in the user list for the code.
I found many websites complaining about the same hack. At least a half dozen of the IDs of recent hackers showed up on my User lists.
DC updated to a new version of WP.
Testing out my new Gravatar image. I hope this works.
Also, if you’re still using ftp on your server, you might want to ask your sysadmin to turn it off and replace it with sftp. Sftp is way more secure – in regular ftp, everything (including your username and password) is sent over the net unencrypted and in the open. With sftp, everything is encrypted and is far safer.
Testing 1…2…3…kick
Gives secret handshake/hand jive.
Blood sample…matches file…check
Retinal scan…matches…check
Note from mother…on file
Scanning web for street cred…active since 1988…subject once programmed a Timex Sinclair with 2K of memory.
Aliases, screennames, accounts…cross-indexed.
…
Good evening, Mr. Adair.
Would you like to play a game?
Good evening, Joshua.
I think I shall spend the evening in the MUD playing Naked Bondage Twister in the Shower. The Polygamer BBS reports that there are some new ASCII animations to be seen.
///
I’ve got a great idea for a computer virus story, but it will have to wait until after November 11, 2011.
End of line.
Very funny, Torsten.
Although, if that 1988 date is for real, you have me beat. My first computer didn’t have a useful modem — didn’t get that until 1990. But I WAS active on GEnie at that point.
Back in the dark ages, when you had to dial directly into the board.
The first computer I programmed was a black (Bell and Howell) Apple ][ plus, purchased by the PTA in 1981. I think it had 64K.
1988 was when I started college, and discovered Unix and networking. Sadly, though I was ideally positioned to exploit the Internet, I never developed any aptitude for computers. I know enough to get me into trouble.
But yeah, I was first in line when War Games and Tron hit the bit (I mean BIG) screen. I can count to 1023 on my fingers. Before I was a comics fanboy, I was a vidiot, jonesing for a Colecovision.
And when I saw the new Tron Legacy trailer in the movie theater, I had the biggest grin on my face.
Funny, I also took computer programming in college, and got good grades. But by the time I got a computer of my own, I was years behind the eightball. Could barely send email.
Never been a video game playah.
I’m with you, Colleen, in not being a playah. Mainly because I knew how easily I could get addicted to them. (I’m bad enough with solitaire, hearts, Tetris and Nurikabe).
When I was very little — back before Mac appeared, waaaaayyyyyy before that, my dad built himself a very primitive binary computer, just for the heck of it. He was an electrical engineer, so it didn’t seem like too odd a recreation. It sat in our basement for years, before we moved to Texas.
My first computer programming experience was a Commodore PET, around 1980 (junior high.) We got Apple 2C in high school, I hated it.
My ex built a computer with an actual tape drive, as in data stored on CASSETTE
(dang enter key)
I forget what that computer was called. It was so old. I want to say it was a Wizard or some such? I’d Google it but I’m lazy XD I’ll remember eventually.
ah! It was an Exidy Sorcerer. Wooo! 64k memory FTW!
http://en.wikipedia.org/wiki/Exidy_Sorcerer
I can’t even remember what my first computer experience was, but it was in high school. Some friends and I hacked the school board computer. They had just gotten a new system and had never changed the password, which was the manufacturer default CODE.
We moved all the teachers’ payscales four bytes to the left.
I am very sorry, and have now reaped my hacker karma.
OK, that’s not really hacking, but back in the day, we thought we were all that.
And it was all long enough ago that we used punch cards.
wow. The only real high schooly kind of mischief my group and I did was repeat dialing the local cable company and saying in a fakey British accent “oy wont moy Ehm Tie Vie” (just like the commercial told me to: “I want my MTV!”) Yeah then we got it and… yawn. XD
Yeah. Rebel without a clue.
Good lord! — Arlnee is really Dick Van Dyke!! Chim-Chiminee…
XD I would like to think my accent is slightly better, and my dancing slightly worse, than Dick Van Dyke.
I still think I got the better end of that deal