What The…
Great, now I’ve got something new to worry about. It seems that blog spam (comment spam, referral spam, trackback spam) was not enough. Now I’ve seen a Movable Type blog hacked by spammers. True, it was an older version of the MT software–though I’m not even sure that was the weakness the hacker exploited–but it’s now officially got me worried.
It was not my own site, but the site of a family member who needed a web site with certain features, and so I quickly set up an MT blog to fill their needs. I was checking it out today, and suddenly I noticed that on a few entries, a spam link was inserted right smack into the middle of the blog entry page. Worse than that, the browser I was using (Firefox on XP) suddenly bogged down, trying to open up a variety of weird windows and files, to the point where I had to force-quit the application. Later, I tried opening the same pages on my Mac with Safari–and though Safari did not try to open the files, it opened windows filled with junk characters–and it, too, froze and had to be force-quit.
When I looked at the individual pages, it turned out that the link was added directly into the page’s HTML, and there was an indecipherable script added to the bottom of the page. When I checked the entry’s core text on the blog’s control page, it was clean–so the blog’s software and database seem not to have been compromised. But the site’s security apparently was, and that site’s security was standard for the field.
But that wasn’t all. In addition to the 8 pages of the site that were hacked, 3 PHP scripts and an htaccess file were also added to the directory.
Since the original blog database was clean, it was a simple matter to rebuild the site and then erase any files added by the hacker (who apparently did the deed several months ago). So now the site is clean, but whatever scumbag hacked the page might still have access… so I’m going to have to reset the entire site, and then keep an eye out for more stuff like this in the future.
I knew spammers were despicable lowlife criminals, but I’ve never seen or heard of them going this far.
Hi Luis,
If you’re using FireFox, one of the plugins that is a MUST for anybody to install, is NoScript. It standard disables JavaScript. 90%+ of all web sites will still work fine, and for the few that don’t, you can decide to turn it on (temporarily or permanent), or not.
This is good practice, and in general you don’t notice it. It gives me a lot of confidence for added security.
Cheers,
You were complaining about all the spam on your forum:
I’ve been seeing now a few times a “trick”, which will eliminate all (automated) comment-spam.
Take for instance a look at the comments-input of this web page:
http://www.theworldlink.com/articles/2006/09/12/news/news10091206.txt
It uses the familiar “image verification” for the comments. If your software would support something like this, you wil have a 99% secure solution….