Category Archives: Uncategorized

Well, I got hacked.

“Hacked by Imam with Love”

Well, that was all the impetus I needed to get my upgrades in order and update to https.

Editing to add more info.

So, it looks like I’ve been getting hacked about once a day for the last two weeks, but the only damage is that my last post got replaced with bragging rights about the hack, and then they spent the last two weeks fighting over who gets to display the bragging rights.

The exploited vulnerability is this one: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html

So my user accounts weren’t compromised, and my password is secure, but WP once again introduced the sort of hack that let you do just about anything without even logging in. If I’d been on the ball about getting my updates sorted, it wouldn’t have happened, but I’ve been busy and can’t use the auto-updater any more so I’d been putting it off because manual updates are a pain in the ass.

Far as I can tell, they only edited the one post and I’ve reverted the content on that. Doesn’t seem to be any more damage.

ETA (2018-03-22): found a second post, still haven’t found much damage…

With great geekery

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

I love this. This is what you get on some linux systems when you use the sudo command for the first time. I just love how simple yet effective and geeky it is.