Blog Decontaminated (I hope)
May 12th, 2010
|
| Share |
Some may have noticed some annoying popups or fake computer security messages over the past couple of days. It turns out that a worm had exploited some weaknesses in Wordpress and attacked self-hosted blogs on my hosting service. I thought I had it fixed yesterday but apparently did not. Since then I’ve replaced all the major system files with new versions or backups and I’m not pretty sure that the site is back to normal.
However, the nasty thing about the little script that infected the site is that if any files remain infected it will spread to the remaining good files by replicating itself to the PHP headers. Thus, if I missed any it may come back. Please let me know if it does or if any other strange behavior occurs.
This entry was posted on Wednesday, May 12th, 2010 at 10:47 am and is filed under Announcements, Website. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
View blog reactions
May 12th, 2010 at 11:18 am
Hey, if you’re comfy with the command line, and can identify a bit of unique text in an exploited file, you could easily use ack to locate any remnants.
To install:
curl http://betterthangrep.com/ack-standalone > ~/ack.pl; chmod u+rwx ~/ack.pl
To run:
cd /my/www/root/folder
~/ack.pl ‘text to search for’
Technically, ack’s default argument is a perl regular expression, but those are a bear to learn, and you can usually just assume text will work.
Quote Comment