In case you haven’t noticed, or are reading this through an RSS feed reader, the blog got a little update today. There were a bunch of reasons why, but primarily for security. The theme I had been using was full of security holes and old deprecated plugins. I had dodged a couple previous bullets with people trying to hack in but this time I wasn’t so lucky. Someone exploited a PHP hole and injected some evilness into one of my plugins. My host caught it nearly immediately, but in the 3 minutes it was there the person turned off notifications (so I would get emails about new users), registered themselves as an admin, and injected code into just about a half dozen PHP files. I spent most of today cleaning up the mess.
The real kicker is that my passwords are strong, unique, and 30+ characters. My passwords are all different and never reused. WordPress itself was completely up to date, as were the majority of the plugins I use. It was the old theme that let them in. They exploited the only hole they could find. Let that be a lesson: nothing is 100%. I installed a couple additional plugins as well, just to help things along. A security suite that actively bans IP ranges with failed login attempts, as well as one for traffic monitoring and a service for cloud backups.
That leads us to the theme, which is new. Among other things, it allows for some newer bells and whistles. The Cards page now has dropdowns for the sections and the About page has a little CSS trickery, to name a few. I’ll be messing with it more over time.
That’s all for now.
Honestly… don’t people have better things to do? lol
Sadly, no, not really. It’s all “bot net” crap. Most of it is automated. Someone writes a script to scour the web for known cracks in security. Once it’s found, it’s exploited nearly immediately. For a week now I’ve been hammered by numerous IP ranges in Russia and China. I just blocked the entire continent (no joke).