Well i was hacked…

I didn’t get around to keeping wordpress up to date and finally the punishment came when someone hacked the site adding lots of nasty links to my posts.

Luckily some benevolent guy sent me this email:

Subj: Your blog’s version is old and has been hacked. Update ASAP!

Regarding www.hhjensen.eu,

This email is not an April’s fools email and it has been sent to notify you that your blog’s version is old and needs to be updated ASAP as it was hacked.

While tracking some Viagra spammers I have come accross several links coming from your blog and, after testing it, it appears your blog is 2.1.* generation hence vulnerable to SQL injection blind-fishing attacks. Search Google to learn more. In a few words: spammers can take full control of your blog in a matter of minutes and deface it at will.

These attacks are as serious as they can get as the spammers have full access to your blog and add hidden HTML elements to mask their links.

You MUST update your blog to the latest official WordPress version and manually clean your last 5-10 posts of the parasite links which you will only see in HTML view.

Not doing so may attract severe search engine penalties as you are currently linking to sites with VERY bad reputation.

Hoping you will take required action,
A.S.S. (Anonymous Security Specialist)

PS: I got your email address from your Dashboard / Users Management Section. I have warned many during the past months regarding the vulnerable blogs, being a blogger myself, but it seems I haven’t warned everyone. Lateste WordPress is secure.

PPS: Your login name is admin and password hash is 90eef6ccd860baaa2d1476c024f06034

So this blog is now updated to 2.5 and hopefully i got rid of all the nasty links.

Thanks A.S.S. :)

Leave a Reply