New S&B later today
November 4th, 2009The last week has been rough on the Socks and Barney site as it was the victim of a “Spam-injecting” hack (the Bloop site was also affected). The hack exploited an old weakness in WordPress security and installed a script on the server that allowed the bastids to add hidden code to the pages of the site designed to outfox Google. An eagle-eyed reader with some crafty browser plugins spotted the eeeevil code and called my attention to it. I deleted the spam immediately only to have it appear a few days later. And reappear. And reappear. I even modified the server permissions for the infected template file so that even I couldn’t edit it and yet still the spam reappeared.
On Monday, I tracked down the multiple hidden scripts which were responsible and deleted them. The offending script looks to have been placed on the server a few WordPress versions ago and was only activated recently. But we’re clear now. So far so good. But those are hours I want back.
– Steve
Stumble it!
November 4th, 2009 at 5:11 pm
I’m intrigued (as a programmer) by how that was done, but as a user, I’m damn glad you found it. That kind of people are scum.