Well, I found a directory on my Wordpress install that I didn’t install the contents of. My wp-content/uploads/ folder had a directory /2007/12 in it, which, in itself, wouldn’t be much to raise concern, but it wasn’t “owned” by me. My web host confirmed that all files should be owned by me. I couldn’t delete the folder, it seems. I sure wanted to, because it contained 100s of html pages that were all redirects to scummy splogger sites. So, I guess that I got hacked. Folks, upgrade your Wordpress as soon as you’re advised of a security release.
When I changed my cPanel password, some weirdness occurred. If you were browsing my site this afternoon, you might have caught the moment where there was no database connection. You see, when you change your cPanel password, it changes your mail, ftp, and MySQL passwords as well. It took a minute for the system to all get working again. When I was checking the mail to ensure that it still worked, I noticed that I had almost 8,000 emails sitting in my default mail account. I’ve not actually configured an email account, as I use Google’s Gmail redirect service, where I can forward mails received by corey@ to my Gmail email and send as corey@. Why not use their spam filtering, rather than manage my own? So, these were the emails that were being sent to any whatever @coreythompson dot com since October. I am sure that all of it was SPAM, so I set up squirrelmail to show 1000 mails per page and used “toggle all” and sent them to my trash folder and then purged the folder. I then set up my mail settings to bounce all email to addresses without forwarding with a “no such recipient” message. Hopefully, this will keep the unwanted emails off my server.
What a sucky happenstance.
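The signs described in the post (content under wp-content/uploads that the account does not own, and hundreds of HTML files in a dated folder) can be checked from a shell. This is an added example, not part of the original post; the function names and the default of the current user's UID as the expected owner are assumptions, and the world-writable check goes slightly beyond what the post describes.

```shell
#!/bin/sh
# Added example: audit a WordPress uploads tree for unexpected content.
# The directory path and the expected owner UID are assumptions; adjust them.

# Files or directories NOT owned by the expected numeric UID.
foreign_owned() {
    find "$1" ! -uid "$2" -print
}

# Directories ranked by how many .html/.htm files they contain.
# Uploads normally hold media, so a directory full of HTML stands out.
html_by_dir() {
    find "$1" -type f \( -iname '*.html' -o -iname '*.htm' \) -print |
        sed 's|/[^/]*$||' | sort | uniq -c | sort -rn
}

# Anything world-writable (symlinks skipped; their mode bits mean nothing).
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

audit_uploads() {
    dir=$1
    uid=${2:-$(id -u)}
    echo "== not owned by uid $uid =="
    foreign_owned "$dir" "$uid"
    echo "== HTML files per directory =="
    html_by_dir "$dir"
    echo "== world-writable =="
    world_writable "$dir"
}

# Run only when a directory is given, e.g.: sh audit.sh wp-content/uploads
if [ "$#" -gt 0 ]; then
    audit_uploads "$@"
fi
```
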
I’ll have to see if I have the same thing when I get home at 3am.. Off to workhell I go.
Thankfully, my host allows me shell access to my account, so I can change permissions on lots of files very quickly without having to click my mouse a zillion times in an FTP client. I’ve been changing web access permissions as well, one at a time, so that I can lock things down a bit better. I think that I’m going to audit all of my plugins as well to see which ones demand more permission than they deserve and find a replacement for any that do. BTW, that folder had over 2000 web pages in it…but it ain’t there no more!
I had something similar happen to me, though I simply hid the folder and then changed permissions on it. The clever hackers simply uploaded a “defaced site” page that didn’t actually link anywhere. Damn script kiddies!
But yes, definitely update your WP install.
Usually upload directories for blogger sites and such are either owned by the process httpd runs as or need world rwx permissions so the file can actually get uploaded thru the browser.
Unfortunately, I hate saying this but Wordpress is probably the most widely used blogging platform so it’s going to get targeted more often than others. Think of Wordpress like Windows or phpBB nowadays, it’s just a sitting duck now.
When you find yourself applying patches and updates more often than making posts, it’s time to switch to a new backend and platform.
I’ve updated Textpattern twice in two years.
I understand what you’re saying. I found it interesting that one of the people who helped the most in the WP forums ran his blog on Textpattern.