Blog hacked. Partly restored. Migration done.

theory.isthereason mothership is down

Hello dear readers, an unfortunate event has happened. My blog was hacked with index pages replaced. You may still be able to read this from my RSS feed.

This was all the hacker left behind:

r00ted by nEt^DeViL .. Peace .. Damn Israel .. Just t3sting my t00ls .. net_devil@hackermail.com

Unfortunately my WordPress 1.5.3 install was hosed, so I was forced to make the scary update to WP 2.3.3. Turns out the update was painless, but my personalized blog theme would no longer work. Argh.

While I migrate to a new web host, keep in touch with me via twitter, netvibes or friendfeed.

Update: I’ve got full functionality back. I’ll be migrating web host soon. Migration to BlueHost.com was a success!

Shoutouts: John Larkin for being the first person to alert me to the hack (even sent a screenshot!). Alex Halavais, Peter, Shady, Ben Koe and Lucian for sharing advice on recovering my blog. vantan, Siva, Kenneth, for blogging about it. SimplyJean wrote about it too, which later appeared up there on Ping.sg. Finally, thanks to folks like the RamblingLibrarian, Brian Koh, MrBig and Bernard Leong for checking in on me. Most of you are now featured on my coveted revolving blogroll (see blog sidebar).

  • nuMentally

    I think you have been hacked by Chinese “white” hacker because of your research.

  • http://imknight.net knight

    wah .. 1.5.3 thats very very very long long time ago ..
    upgrade often pal !

  • http://theory.isthereason.com Kevin

    Cup of tea then, let’s celebrate. I still have to migrate and blah blah blah, so don’t hang your hats yet!

  • http://investigativeblog.net barry

    aw damn, sympathies Kevin.

  • http://lancerlord.blogspot.com lancerlord

    With your level of expertise, of course it is painless. kekeke….

    Glad that you are back on track.

  • http://blog.larkin.net.au/ John Larkin

    Good to see you up and running Kevin. I have a screen shot of the early hack if you would like it.

    Cheers

    John

  • http://theory.isthereason.com Kevin

    Hey Barry, Lancerlord and John, thanks for checking in. It’s all fixed now, except for a few bugs with the new blog update. No need for the screenshot John. Thanks! :)

  • http://lesterchan.net GaMerZ

    WP 2.5 is going to be out before the end of this month, so you may have to upgrade it again =D

  • jer

    nothing like a good rooting as a reason for a revamp. nice job on getting up online again!

  • http://theory.isthereason.com Kevin

    @GaMerZ: So I hear. Looks like WordPress 2.5 is going to be exciting. :)

    @jer: Thanks for your kind words. :D

  • SJ

    Hi, just wondering if you can share in layman terms how you got back your blog and how to do backup?

  • http://theory.isthereason.com Kevin

    @SJ: Good question. The most typical hacks involve programs or scripts to test for your web server’s security holes. Once found the hacker usually replaces all instances of index.htm or index.php files, which are the primary pages of most web sites. If you do regular backups of your web site (ftp your entire web site down to your local computer), this shouldn’t be a problem to fix. Just replace the bad files.

    The posts, comments and other data on your blog are usually store in a MySQL database (WordPress does that), and most of the time that’s unaffected. The WordPress Codex shows you how to backup and restore your blog’s database, good if things go wrong, or if you’re migrating / moving server like me.

    I hope this helps. Would you prefer something more elaborate?