Lee Kelleher’s Weblog

Hindsight… It’s a wonderful thing!

A couple of hours ago I received an automated email from our Travelblog site, saying that we had a new user registration, which was strange, since we disabled that feature a long time ago! Great! We’ve just been hacked!

I put my hands up in the air: I’d been running an old version of WordPress (2.2) … which I’ve been meaning to upgrade for a long time; but hey, I’ve bought a house, had a baby and built my business during that time! It’s not been at the top of my priorities. So yes, I’m aware of the security holes/risks, etc.

Needless to say, WordPress 2.2 has an ugly security hole which allows hackers to remotely inject SQL statements into the database. I’d heard about this at the time, but thought I was covered because it relied on the hacker having a valid username/password (see the trac ticket). Well, it seems they don’t!

Within a minute of receiving the new user registration email, I deleted the user account, changed our passwords and upgraded to WordPress 2.6, which came with its own set of problems (i.e. all the category names disappeared).

Here are the details of the would-be hacker, so others know about him:

Username: sidon
E-mail: Dimka@hotmail.com

Written by Lee Kelleher

July 18, 2008 at 11:02 pm

Posted in blog

2 Responses to 'Hindsight… It’s a wonderful thing!'

  1. Heh, good to know, I’ve been on the same old version for ages as well :)

    Thanks for the link :)

    Greets

    David Cumps

    19 Jul 08 at 8:42 am

  2. [...] I’ve written more about it on my other blog. [...]
