HTML iFrame Hack WordPress
gentlemen and ladies – i got whacked for the second time on this wordpress powered blog with an HTML iframe hack. the first time i think i cleared up the situation by finding the offensive code inside of the template files (header.php, footer.php, etc.) of the blog’s theme, and ripping them out. that i followed up by updating WordPress to the most recent version.
so, that’s what i tried this time. but, it was to no avail. i couldn’t find the offensive code in the templates anywhere, but it kept showing up when the pages were put together. actually, it appeared inside of the posts, which makes me think that they may have gotten it into the database where wordpress stores the post information. maybe, maybe not, what the hell do i know, other than updating the wordpress software didn’t do the trick this time.
and, apparently this starts as a hack, that is used to spread things. like potentially viruses. i know people that use iframes to spread cookies as well.
i’m inclined to think that someone found an exploit in the free software i’m using – or wind has it they can find exploits in the templates (themes) as well(?), and then got in from there. apparently there are procedures that will let you go in to your web account via a telnet SSH prog like Putty, find the files with the evil code, kill it, and then put your blog back together again.
since this is a non-revenue producing endeavor, and there really wasn’t any post that i felt losing would affect me emotionally, and i almost fell asleep playing around with line commands last night, i thought screw it – BLAM. forsake the scalpel and use the sledgehammer. broke is broke – may as well get a new one.
so, i decided to just install the newest version of wordpress – new database, new database user/passwords, new blog admin/passwords, new FTP password, NO ANONYMOUS FTP allowed now – i wonder what kind of leak that might have been :(  - and i’ll probably take a terribly popular theme when i choose one. the only plug-ins i have so far are akisemet, which is essential.
that all being said, it looks like i’m back in the ballgame. this little compter episode was a bother as far as spending time goes, but i do so much enjoy the feeling of cold blood once in a while – and playing with computers in this manner does chill my blood a little. it’s exciting.
now it’s over – safe, sound, and fresh as a daisy.
June 30, 2009
Posted in: Uncategorized
4 Responses
did you lose all your archives?
Sorry to hear about the headache that this has caused for you. However, I do feel heartburn over one missing blog post – you MUST, in some fashion, being back the pic of you on the Heineken drums. That was too cool.
DWarrior – yep, the old database is gone, along with all the posts. i’m ok with that though.
Btimm – without worries, i can get the pict back up. hehe.
one thing i need to do is NOT forget the book posts. i was talking with a former barkeep (he got married, had a little guy, and now lives the daytimer life) and in an instant we agreed that so much stuff happens, that it all starts to seem common. and then you just forget it.
i got the same experience… all of my blog was broke b’coz of this. fortunately i have a backup file.
Leave a Reply