robmaeder.com Gets Hacked Again
Last week I went to log into my robmaeder.com webmail account, and I was greeted with a little message saying “Hosting for this domain has been suspended”. Perplexed, I checked some of the other domains I host, and they were all working fine. I contacted my hosting provider, and I was informed my account had been compromised and a bunch of shit was being uploaded to my webspace.
After digging around, I realized I was using a pretty old version of WordPress, and it contained some security holes that were exploited by someone who thought they could use robmaeder.com for their nefarious purposes.
The entire domain was locked down to prevent any further problems, and I spent a good hour or two cleaning up the mess that was left behind. Lucky for me, nothing was deleted, but a bunch of weird files and scripts were uploaded all over the place. Once that was all fixed, I upgraded to the latest version of WordPress, and also installed the Automatic Upgrade Plugin to make future upgrades easier.
Once WordPress was upgraded to the latest stable version, I noticed the theme I was using was broken, since there were some major changes made to the software. That’s why I’ve got this spiffy new layout here now.
I learned an important lesson: keep your blog software up-to-date. WordPress is open source, so it’s always being updated and fixed up. But there’s also new exploits and security issues being found all the time, so it’s important to get the latest versions, which will fix bugs and patch up the security holes.
