I’ve been hacked– some way to tell when?

  • thebadastronomer

    (@thebadastronomer)


    18 years ago

    Hi-

    Checking my incoming links, I saw some rather naughty words people were using to find my blog. Given that it’s a science blog, and family friendly, I was suspicious!

    I’ve been hacked. Someone inserted code into many of my pages (not sure how many yet) with links to dirty sites. Here’s the code:

    <div style='position:absolute; top:-5000px; left:-3000px'>
<a href=www.unc.edu/~zito/worklog/?p=5>.</a><a href=www.unc.edu/~zito/worklog/?p=4>.</a>
<a href=https://powergolflink.com/TimeLeft3/Tmp/nude-teens-free.html>.</a><a href=https://powergolflink.com/TimeLeft3/Tmp/nonude-teens.html>.</a><a h
</div>

    I have deleted many many links from that list (there were maybe 40), since you get the idea.

    I don’t know when this happened; I just upgraded to 2.0.x a week ago, so it may have been before that.

    Is there some way to know when this may have been inserted into my content (note the offsets in the first line; the bad stuff doesn’t display, so someone may have been going for pagerank here).

    Also, is there some way to bulk delete it from my database? Going through dozens of posts will be a pain.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Doodlebee

    (@doodlebee)

    You could look at your access logs…

    Thread Starter thebadastronomer

    (@thebadastronomer)

    Update– there were roughly 30 posts, so I went ahead and edited them all. I’m clean now.

    The newest one was hacked some weeks ago, so going through the access logs is out. I’ll keep an eye open to see if it happens again, but I do suspect this was from a hole in the 2.0.x security.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘I’ve been hacked– some way to tell when?’ is closed to new replies.

Tags