almostwitty: From the American Museum of Natural History, between 1901-1904. https://nextshark.com/19th-century-photo-eating-rice (Default)
almostwitty ([personal profile] almostwitty) wrote2009-05-15 10:30 am
  • Add Memory
  • Share This Entry
Entry tags:

Wordpress plus Dreamhost = hacked Wordpress blog

I host my main blog on Dreamhost, using Wordpress. This may have been a fatal mistake.

A while ago, someone emailed me to kindly point out that my site had somehow been hacked, and spam links injected into my HTML code. It wouldn’t appear on the site to human eyes, but it’s all there in the HTML code and picked up by Google et. al.

I changed all my passwords (Dreamhost, Wordpress, FTP), removed the hacked code and thought the problem was over.

Oh no. It’s just come back. Only this time, I can’t figure out where the code is. And since I changed all the passwords to begin with, it means that either Dreamhost or Wordpress has become seriously compromised. Although naturally my Google-fu is failing me and I can’t figure out where the problem’s come from. Although this post gives one indication.

Now I’m debating whether to carry on with this blog or move to yet another blogging platform like LiveJournal or something… bah… Or I could give up. It’s been six years, after all…

Originally published at almost witty. You can comment here or there.

Threaded | Top-Level Comments Only

[identity profile] hellmutt.livejournal.com 2009-05-15 11:46 am (UTC)(link)
Oh eff.

I have Dreamwidth invites if you want one. It's a new LJ clone just getting off the ground.

A friend of mine also swears by Tabulas, which has some crossposting functionality.

But to be honest, I personally wouldn't go back to using LJ or similar as my main blog. I like my WordPress. I use LJXP to crosspost, as you do, and there's a new extension in the works that will cross-post to several LiveJournal-running services at once.

My personal site is with UnitedHosting's UK service. I can't praise their support highly enough - I've always had instantaneous response from knowledgeable humans to even my low-priority tickets. They're not the cheapest out there, and on their hosted plan they don't let you mess around with involved stuff like making and installing Perl modules (but will do it for you if you ask). Their uptime is very good. Their support fora are full of savvy users and UH's support staff are often seen on there too.

[identity profile] anivair.livejournal.com 2009-05-15 12:18 pm (UTC)(link)
Happens to me a lot. It's never because of wordpress (which is easy to update via the Dreamhost panel) but because of something else on my site like html forms or something. Since i got rid of all that, my site is more secure (fingers crossed).

However, I recently set up a Drupal blog on my site and i love it and it's way less hackable. If you want to look into that, I'll send you info. It's pretty and customizable and I dig it.

[identity profile] kiri-l.livejournal.com 2009-05-15 02:59 pm (UTC)(link)
What is wrong with just using LJ? (ok admitted I never got the hang of wordpress - at least I think it was wordpress. too much hand coding every time I wanted to do something.. hours and hours of code just to make a post? nah. I've got a life to life thanks)

and "How to detects them?" Dear Wordpress.. how about starting with an understanding of English.. this may greatly help your skills at coding and detecting hacks. That aside this was detected nearly a year ago (28 May by the byline) a year ago and they haven't figured out a solution? Bad programmers.

Color me very unimpressed.
almostwitty: From the American Museum of Natural History, between 1901-1904. https://nextshark.com/19th-century-photo-eating-rice (Default)

[personal profile] almostwitty 2009-05-15 03:06 pm (UTC)(link)
LJ doesn't play very well with the rest of the web alas. Very hard to, for example, embed a widget into the right-hand nav.

Plus, if you come into LJ from the outside without having created an account, you can only comment anonymously. Which isn't that handy for the vast majority of people who don't have LJ accounts.

And you get the same problems with Dreamwidth, alas.

[identity profile] kiri-l.livejournal.com 2009-05-15 03:16 pm (UTC)(link)
I'll be blunt so far dreamwidth seems to be LJ with shiny (re neewer) I don't get the fascination.

I get the "not playing nicely" though. what about no I'd best not suggest anything cause I seriously walked away from having to hand code the majority of my blog stuff a few years ago. (I was going to ask about blogger.. but it may well be powered by wordpress) If you are really wanting a change I'll ask around and see what others who blog across several whatevers are using.
almostwitty: From the American Museum of Natural History, between 1901-1904. https://nextshark.com/19th-century-photo-eating-rice (Default)

[personal profile] almostwitty 2009-05-15 03:18 pm (UTC)(link)
I think Dreamwidth = LJ with possibilities. Which is a slight shame since I quite like LJ as a blogging platform, as it stands...

[identity profile] kiri-l.livejournal.com 2009-05-15 03:25 pm (UTC)(link)
OK.. why do you say that? (keeping in mind all I've seen is a stream of people going "give me an invite!!!!" and a splash page)
almostwitty: From the American Museum of Natural History, between 1901-1904. https://nextshark.com/19th-century-photo-eating-rice (Default)

[personal profile] almostwitty 2009-05-15 03:28 pm (UTC)(link)
Well, when was the last time you saw LJ doing anything new?

[identity profile] kiri-l.livejournal.com 2009-05-15 03:37 pm (UTC)(link)
depends on what you mean by new. The news thing (about once a month) goes on about stuff. There's usually something updatey in there.
almostwitty: From the American Museum of Natural History, between 1901-1904. https://nextshark.com/19th-century-photo-eating-rice (Default)

[personal profile] almostwitty 2009-05-15 03:42 pm (UTC)(link)
Well, new as in new features to play with that actually make the blogging system better.

What LiveJournal in its SixApart and new owner guise seem more concerned with is bringing in new content partners and turning it into a content portal. Which is fine in many ways but well, that's what everyone else is doing.

[identity profile] kiri-l.livejournal.com 2009-05-15 04:01 pm (UTC)(link)
new features like what?
almostwitty: From the American Museum of Natural History, between 1901-1904. https://nextshark.com/19th-century-photo-eating-rice (Default)

[personal profile] almostwitty 2009-05-15 04:07 pm (UTC)(link)
ooh, like embedding widgets into the right-hand nav? Allowing non-LJ people to put their website or name in comments?

[identity profile] kiri-l.livejournal.com 2009-05-15 04:15 pm (UTC)(link)
oh. so like someone could use openID or soemthing? (which btw can be used on LJ)
almostwitty: From the American Museum of Natural History, between 1901-1904. https://nextshark.com/19th-century-photo-eating-rice (Default)

[personal profile] almostwitty 2009-05-15 04:15 pm (UTC)(link)
Well, no, people can use OpenID.. but then most people aren't aware that they've *got* an OpenID.

And what if you don't even have a website? Where do you put your name?

[identity profile] kiri-l.livejournal.com 2009-05-15 04:24 pm (UTC)(link)
I've never put an url in the website thing. Isn't needed.
Threaded | Top-Level Comments Only