Tonight, this site was hacked by a fellow named c0rpman from Russia. Unclear on the exact mechanics of the hack, but there was a vulnerability in wordpress that I didn’t update to protect against right away, so I suspect that is a big part of what happened. There was a very interesting script left laying around; my passwords were changed. All the posts were deleted, and this message was left on my blog homepage:
D3fAcED bY hSw team--->#197297672
I had an interesting chat with c0rpman as well, as he contacted me via IM to tell me that my site was hacked. We discussed how he did it and why, and possible measures to prevent it from happening again. I suppose I am a target and there are other WordPress vulnerabilities that have yet to be disclosed. Fortunately, my web hoster (pair.com) has a backup of the database from about a week ago, and what you are seeing now is what they could piece together from the backup. I had some problems with very old posts–posts older than about March of 2006–not making it due to some MySQL database error, but I think it is fixed now. The pair.com techs have been very patient, helpful and responsive! I’m definitely not a PHP or MySQL expert, so this has been a learning experience on multiple axes. Comments and posts made within the last week are lost, but I’m willing to live with that.
For the record, I did try using a tool called warwick to recover some of my data from web caches, and many readers have offered their cached feeds and data to me. I really appreciate everyone’s help. It’s very supportive and touching in a time when I’m feeling vulnerable and definitely needing help. However, in the end it is better that my eyes are open, rather than ignorant. It’s not the first time I’ve been hacked, and it won’t be the last, but every time I learn something new and important. It is also comforting to know that there are so many helpful friends and strangers out there. Thanks to everyone for helping me sleep well tonight!