Stippy Was Hacked!

Stippy Was Hacked!As you may have noticed, we were down for the last 4 or 5 days. Some malicious person decided that hacking stippy would be a novel idea. Well, I was away for a week, and did not have access, and therefore not a chance to restore from backups until now, but this is the first time that a hacker has really, no I mean REALLY annoyed me. Someone found a way (god knows how) to modify almost every file in the directory where stippy is stored, without making any obvious changes. So, it was either compare each and every file with those in the backup, or just restore from the backup. What sort of dumb-arse does this sort of thing. People who hack others’ home pages deserve the same fate as kiddy fiddlers and granny rapists. They ought to be strung up by their you know whats, and hung out to dry. They are the cholesterol, the cancer and the gall stones of the internet all in one. There I go. Don’t I feel better just getting all that out. Whoever did this, you’ll have to try harder than that! Go get yourself a stippy friend, and let your steam off elsewhere. (But then again, it was a learning experience, and I have tightened a few screws so that this should be much harder to achieve for the next dimwit with too much time on his/her hands).

5 thoughts on “Stippy Was Hacked!”

  1. I feel your pain. One of my sites was hacked a few weeks ago. Thankfully my hacker was a bit more ‘benevolent’ (or incompetent) and only corrupted the front page. In fact, they even saved a copy of my original page for quick fixing! Maybe it was just an attempt to let me know I should beef up my security. Still, why not email me, instead of hacking my site and not telling me how they did it?

    Anyway, I think you should figure out how they hacked it in the first place before inviting them to come back and try again! I’m glad you had backups – stippy is a great site.

    You’re running WordPress right? I believe there are a lot of security issues involved with the 3rd-party addons, so they probably just exploited that. Usually this (I think) involves a process called SQL injection. Here is a list of injection scanners that might help you find vulnerabilities if that’s the problem: http://www.security-hacks.com/2007/05/18/top-15-free-sql-injection-scanners

    I’m not technical expert – just know what I know from running sites for a couple years. Good luck and glad to see you back!

  2. Ey, being hacked sucks

    I’ve run into problems like that before with sites I maintain. WordPress does have some security problems, which is why you need to keep up to date with the versions :)

    However, a clever hacker can get in in a number of ways. For example, if you are using a shared hosting server then they can simply hack another website on the server and gain root access from there, and then have a field day.

    Back in the day, hackers would deface a site for kicks – nowadays they do far more malicious stuff as its profit-driven.

    If he managed to get hold of write privileges then you must start looking around the directory structure to make sure they haven’t turned your site into a zombie (a remote pc under a hackers control that he can then rent out to spammers or whoever) by uploading spamming scripts etc and used the ‘you got hacked’ message as a smoke-screen.

    Also, look at the cronjobs to see if he didn’t get sneaky and set one up – i’ve heard of cases where they’ll set up cronjobs to restore removed files from a hidden backup :(

  3. Heavy… What you could do is hire someone to try and constantly hack your pc, and give you a heads up on any loose points in you system. A little weird, but it definitely heps tighten things up if you want.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Current ye@r *