Crap. Somehow, someone's gotten access to edit my posts on this blog and have crapped in loads of viagra linkspam. I've probably destroyed the evidence already by deleting the spam as soon as I saw it — and as soon as some friendly readers emailed me pointing at more. I've done the obvious, changed my password and tried to lock down the admin pages a bit. But, I don't know who, how, or why. Ugh.

So, my apologies if anyone sees any offers for penis pills around these parts. A heads up would be kindly appreciated as I scour my records and grumble.

Archived Comments

  • I have heard that wordpress needs to be updated to the security point releases consistently. This is something that I try to stay on top of. Don't remember this being that big a deal with movable type. Could be a design flaw for wordpress, or perhaps PHP.

    At one point I was using rsync to synchronize the new default files, and then hitting the dashboard to update the db design if it had changed. last update I did manually since I needed to move some photo links around in mysql. I still think rsync is a good tool for this task. Though lately they have been obseleting some files and they probably shouldn't be left around. what were the permissions on your files?

    -tanner

  • Are you hosting on dreamhost?

    http://blog.dreamhosters.com/2007/06/06/dreamhost-ftp-accounts-hacked/

  • Thankfully no, not on dreamhost. Unfortunately, that means I don't have that excuse. :)