Apologies for the outage

The site has been unavailable for a while because some creative person or persons decided to use it for sending out spam and setting up a beautifully crafted facsimile of PayPal. It appears that a vulnerability in an old WordPress version was exploited some time ago (several months ago at least); for a while, nothing more happened, but on Dec 31st the attacker(s) started uploading foreign content to the site.

Part of the problem is that WordPress updates do not delete old unused files. In this case, the old and no longer used ‘default’ theme was somehow modified and then used as a backdoor. Because WordPress updates neither delete the unused scripts nor overwrite them, malicious PHP scripts hung around for at least a few months. Learn something new every day…

Let’s hope the problem is now resolved and the site will stay up for a while.

This entry was posted in Site Management. Bookmark the permalink.

5 Responses to Apologies for the outage

  1. Calvin says:

    WordPress is a great remote shell with a handy blog feature.

    I never liked WP and it’s bloat, nor the clones like it. I rolled my own instead – should fix that up.

  2. Michal Necasek says:

    Unfortunately for me, I’d much rather spend my time blogging than developing blogging software, so I’m stuck with WordPress (or something similar, which I’m sure isn’t much better).

  3. Julien says:

    Glad you’re back!

  4. Welcome back! And happy 2014!!!

    Looking forward to more great posts!!!!

  5. Michal Necasek says:

    Thanks, and likewise :)

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>