And we’re back (updated)
The blog was attacked Monday afternoon by an automated script which used a WordPress 2.1 security hole to add prescription drug ads and random text to some of the posts, and prevented other posts from being created or edited. The ads pointed to a server, brokensaints.com, which itself may have been hacked. Lesson: stay up-to-date on patches.
The tricky part is that we run a heavily customized version of WordPress, so every little security patch requires a bunch of work to port the code. Lesson: rewrite hacks as plugins for easier upgrades.
The WordPress database backup plugin reported that it was backing up the news stories as well as the main posts. It lied, so two years of news stories, new releases and events have evaporated into the ether, or the Google Reader cache, in addition to all sorts of plugin configuration info. Lesson: use the command line to back up your database instead of relying on plugins.
Clusterfuck all around. Welcome back. We’re now on the latest WordPress.
Update: ISP backups save the day, or at least the news stories.
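The failure described above was a backup that reported tables it never wrote, so a command-line backup is only useful if the dump is checked afterwards. The following is an added example, not the blog's own script: it dumps with `mysqldump` and then confirms the file is complete and contains every table the live database lists. The `news_stories` table name in the usage comment, the function names, and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the blog's own script). Usage, with a hypothetical table:
#   verify_dump backup.sql wp_posts wp_options news_stories

# tables_in_dump FILE: names of tables that have a CREATE TABLE statement in the dump.
tables_in_dump() {
    sed -n 's/^CREATE TABLE `\([^`]*\)`.*/\1/p' "$1" | sort -u
}

# missing_tables FILE TABLE...: print every expected table the dump lacks.
missing_tables() {
    dump=$1; shift
    found=$(tables_in_dump "$dump")
    for t in "$@"; do
        printf '%s\n' "$found" | grep -qxF -- "$t" || printf '%s\n' "$t"
    done
}

# verify_dump FILE TABLE...: succeed only if the dump is non-empty, ends with
# mysqldump's completion trailer (written unless comments are disabled), and
# contains every expected table.
verify_dump() {
    [ -s "$1" ] || { echo "empty dump: $1" >&2; return 1; }
    tail -n 5 "$1" | grep -q '^-- Dump completed' ||
        { echo "dump truncated: $1" >&2; return 1; }
    missing=$(missing_tables "$@")
    [ -z "$missing" ] || { echo "missing from dump:" $missing >&2; return 1; }
}

# backup_db DB OUTFILE: dump, then check the file against the live table list.
# Assumes credentials come from ~/.my.cnf and table names contain no spaces.
backup_db() {
    mysqldump --single-transaction "$1" > "$2" || return 1
    verify_dump "$2" $(mysql -N -B -e 'SHOW TABLES' "$1")
}

# sample_dump: constructed two-table dump for trying the checks offline.
sample_dump() {
    cat <<'EOF'
-- MySQL dump (constructed sample)
CREATE TABLE `wp_posts` (
  `ID` bigint NOT NULL
);
INSERT INTO `wp_posts` VALUES (1);
CREATE TABLE `wp_options` (
  `option_id` bigint NOT NULL
);
-- Dump completed on 2000-01-01  0:00:00
EOF
}
```

A non-zero exit from `backup_db` means the dump should not be trusted as a restore point; a periodic test restore into a scratch database remains the stronger check.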

Wow. That blows.
something seems different. is the news rail shorter? and did you shorten the amount of stories that the news rail rss feed displays?
anyways, glad stuff's back to normal. thanks for fixing it up as quickly as you did.
Yeah, all the data was deleted. The feed should be unaffected for stories newly posted.
i’m no techie, but i just discovered this plugin. don’t know if it’ll help you at all, but it made backing up and upgrading a one-click operation for me. of course, the customization on my blog is a small fraction of yours.
Thanks, GG.