Wordsligner • Dissident • Webwright

Infected

Published 17 April 2008

The consequences of playing fast and loose in Web 2.0

You always think yourself invincible. You read about it. You see it happen to others. But you think, “It could never happen to me.” You’re Internet savvy. You protect yourself. Sure, there was a little while—back in the 2.3.2 days—where you were a little risky, but you made it out okay, right?

Right?

And then it happens. Suddenly things look wrong. Down there—in the footer. Someone used a WordPress security hole to set your theme and upload locations to ../../../../../../tmp and they’re running PHP scripts from there.

You panic. You e-mail support. Your message is half in all-caps and its spelling only vaguely resembles English. When they reply it’s only to tell you that there’s nothing they can do. They suggest you change your passwords. Take two aspirin. Call them if it gets worse.

It doesn’t. And time passes.

You don’t think about it much. You’re smart now; you’re secure. Your blog is up-to-date. You use SFTP, check your e-mail with SSL encryption and put passwords on your screen saver.

Sometimes, when you’re lying in bed, you wonder why your Technorati reactions are filled with smut, but of course you’ve read about them drowning in spam, so you don’t think too much about it.

Then it happens again.

How?!? You’ve been safe this whole time! But you can’t deny it when your Live search results show spam coming from your site. You check the URL and, sure enough, there are women being objectified in horrible, horrible ways.

Once you get control of your breathing, you check your server. Sure enough, there’s an index.php that you didn’t add that pipes in pr0n from another domain. And worse: the timestamp says this has been up for seven months. It’s your old mistakes coming back to haunt you.

So that’s when the research starts, and the awkward e-mails.

I just noticed some bad content coming from blog reactions from Technorati. Please check the index.php file in the following directory:

wp-content/uploads/2007/02

I believe your site was hacked–I found a similar hack on my site.

You feel dirty. You begin the agonizing inspection of your entire code body. Sure enough, you find some spammy lumps: links to MP3 download services hidden from users with CSS. You ask yourself where you went wrong, how you could have been safer. You wonder if this Web 2.0 thing is worth the fanfare.

Uncomfortable and alone, you do the only thing you can think to soothe yourself: sit down at your laptop to blog about it.