Follow-up: WordPress Blog Hacked!
Posted by Jon Lee in Site stuff, tags: backup, hacking, mediatemple, security, wordpress
Two weeks ago when my blog got “hacked”, I had quite the scare. Unfortunately, I was away from the computer that day so the blog was down for almost 10 hours. But once I realized what had happened, I managed to restore everything to its original state within an hour.
What Exactly Happened?
In my case, only my WordPress installation was compromised so by restoring my WordPress database, I was able to regain access to my blog. After much digging and Googling, I was unable to come up with a satisfactory explanation of how my blog got “hacked”.
I put “hacked” in quotes because I have my suspicions about whether it was indeed hacked at all. After contacting mediatemple about my problem, they were very helpful in analyzing server logs and discovered nothing out of the ordinary. It seemed that for some reason, my WordPress installation had uninstalled itself. My page reverted to the “Click here to install WordPress” page one gets upon first running WordPress.
Apparently, that page was up for quite a while before someone decided to click “Install” and enter some fairly tame information (i.e. calling the blog Jon’s Blog and setting my email to jon@jon.com). It didn’t seem like a hacker at all since a hacker probably would have installed the blog right away instead of just letting the page sit there for a few hours.
Also, neither my database nor any of my other sites were compromised. It was just the WordPress database that was overwritten when someone clicked “Install”. By the way, mediatemple has logged the information of the person who reinstalled my blog but we have decided not to pursue it since we believe that person was only being mischievous and meant no real harm.
Recovering JonLee.ca
After restoring my latest backup, I was still missing a couple articles. The images were still on the server — it was just the article itself that was missing. So I fired up Google Reader and copied and pasted entire articles from my feed history (Yes, I subscribe to my own feed). Another reason to offer a full RSS feed!
Most of my software was already up-to-date but a couple plugins needed an update. Since then, everything has seemed fine and I haven’t found anything suspicious in either the file system or unexplained page accesses. I’m still fairly wary of being hacked and check my site more often each day to make sure everything is running okay.
If you’ve ever had a similar experience, I’d love to hear your story!