sleepw

I’m not trying to make them appear, I’m trying to make them disappear.

I already deleted the editor since I edit from notepad locally. Now I’m trying to delete Widgets..don’t use them, never will.

Now that’s a more useful post.

I do have access to my raw log files but parsing through them is quite a chore and I don’t necessarily know what I’m looking for. Most of the requests seem to be GET and I didn’t see any .exe but again I have no clue what strings to look for..and yes there were several .ru’s but they are probably spam attempts.

Aside from the db backup I also have a mirror of my site locally (WAMP) the file number and dates match where they should, but I have not gone to the point to compare the contents of the files – which can be done with certain utilities such as FolderMatch.

Injection attacks are fairly easy to troubleshoot as they usually break the CSS – either way, a quick look at the page source will reveal the extra code.

I’m curious about what happened not as a retrospective..but rather to proactively be able to identify the likely point of entry and seal it up. For example, I don’t allow user registration, if I remove that functionality by modifying the code will it seal a point of entry.

Every hacker knows where the front door is – I’d like to lock it permanently or at least make it harder than my neighbor’s.

Finally, I was never pissed off and my jokes were meant as jokes, nothing more.

Scenario 1: Hacker gets in to PC despite Hardware Firewall, Software Firewall, and up to date Virus protection. Why? Because it has to be my PC not the millions of PCs without firewalls and AV.

Hacker installs key logger. Forgoes stealing online banking and trading passwords because it will be much more fun to break into my website instead. Forgoes all my image galleries and photographic content. Skips the forums. Skips all the databases except the blog. Goes into blog. Hmm. Should he delete the content or 9 other tables. Why not delete all 12 tables.

Nah, he just deletes the tables that don’t have content. What’s the result? Error messages on the site! OMG, there are error messages all over the site. Table does not exist. I almost have a heart attack…all that work lost. Wait a minute not only is the site backed up but he/she didn’t touch the content! Thank God I was hacked by a mental retard. Site is back up in 15 minutes.

Scenario 2. Bot finds vulnerability with my WP 2.6.2 installation. Tries to delete all tables but for some reason 3 survive including the content.

Yeah, Scenario 1 is really much more likely. But hey, what the hell let’s be arrogant about it…2.6.2 can’t be hacked.

You do have backups and know how to restore them, right?

I thought the toothfairy did those?
🙂

1. There are no accounts, no users other than myself.

2. I don’t go into myphpadmin except to do backups..the export function is very different from the sql drop statement, so no I didn’t drop any tables.

3.Someone knows my password and userid? Only if they managed to install a keylogger on my PC when I wasn’t watching. If I was a hacker and I had a password and userid I would have deleted all the blog content first. Then I would have deleted my forums, my pixelpost galleries, my coppermine galleries, and I would have defaced what was left over. None of that happened.

Yes I did restore from backup – lost 1 or 2 posts which I restored manually given the content table was not touched. Given I was using 2.6.2 when I was hacked, all I can do now is wait for the next hack. I will be checking my raw log files this time.

If you hear hoof beats, you should look for horses, not zebras.