Hacked!

2 mins
, , , ,

If you are reading this with Internet Explorer 6 you are at risk

Ok, first things first. If you read this blog using IE6, you should check your machine for malware using Microsoft’s anti-malware tool or your favourite anti-virus suite. You should also consider installing Firefox with its ad-blocking goodness and lack-of-ActiveX-ness.

For several weeks I’ve been unsuspectingly handing out evil in the form of a hidden <iframe> tag, as well as having loads of poker-related links hidden in another article. According to my friend Joe Walnes, the iframe exploit installs a tiny “zombie” service through vulnerable IE6 browsers that hides in your Windows machine awaiting instructions.

I am hugely grateful to “noreply” at Google who mailed me to tell me this was the case—I really had no idea. It turns out Google were prefixing any search results to my site with a big sign saying “this man is a cheesy purveyor of malware”. Good for them—I was! And doubly good for them, they told me. Also thanks to a chap called David who pointed out the poker links.

You can never be too careful

I like to think I run a reasonably tight ship in terms of security. My server is sitting behind a firewall, running a solid Linux distribution with /bin/su disabled (in favour of the more secure sudo), which you can only log into as a non-root user with an ssh key. In other words I could give you the root password and it would be pretty much useless unless you were sitting at the console. I upgrade WordPress whenever they produce a new version. I use mercurial to allow me to roll forward or backward across upgrades, because, well, why wouldn’t you?

However it seems some evil pondscum used an exploit in a file called xmlrpc.php to inject hidden badness into the body of a number of blog posts. I’ve now disabled xmlrpc.php, but anyone using WordPress should be aware that there are lots of exploits some of which are still unresolved, and should lock down their installation accordingly. Naturally something as popular as WordPress is going to be a target for hackers. I certainly learned a lesson about being over-confident.