April 8 2008

My WordPress Blog Got Hacked Right Next To Matt Mullenweg

Written by / Posted in wordpress / 15 Comments

Elite Retreat was fantastic. One of the best things of all was that on the first day, I got to sit next to Matt Mullenweg in the back of the room. I would have spent $5,000 just for that! When Matt spoke, he spoke about WordPress 2.5, which had just been released, and encouraged us to update our WordPress installs.

Here is a picture of my actual computer, with my blog at bodyabcs showing on the screen right next to Matt Mullenweg. I could see my blog looking jealously over at Matt hoping it would work on it.

Matt left that night, and was unable to come back the next day because of jury duty. The second day I was sitting there looking at my bodyabcs blog and I noticed a few letters at the top of the screen. (This must have happened some time in the past week.)

It said 1f57. (red arrow added to be obvious) What the hell is that? I figured that when I was customizing the header I must have added a few random characters without realizing it.

The funniest part is that at this exact moment, Jeremy “Shoemoney” Schoemaker started talking about how important it is to update your WordPress installation so you don’t get hacked. He had no idea that at that moment I had discovered I had been hacked! It was hilarious that I was struggling in the back of the room to save my hacked blog while Jeremy was discussing how to avoid it.

So I clicked open the source code, and guess what? I had added around 500 links to every page without realizing it! 😉

I looked over to my right, and there was Dave Dellanave, Shoemoney’s ace programmer, sitting 3 feet across the aisle from me banging away on the keys creating fighters.com, their new ultimate fighting site! By the way, I hung over his shoulder watching him code, update the site, look at the site, write code, fingers flying, hand coding in a text editor, site evolving, it was beautiful!

So I show Dave my source code, and ask him what is up? He says, without looking up from his coding,

Dave – “You were hacked. What version of WordPress are you using?”

Me – “Ahem… It is an old version.”

Dave – “Update your WordPress software.”

Me – “I have no idea how?”

Dave – “Just untar it.”

Me – “I know how to download it to my site, unzip it, and then just copy it over. Will that work?”

Dave (still clicking on his keys) “Sure”

Me – “I never would do this at home. It is like having a programming lifeguard watching you while you swim”.

Dave – (click, click, click, click, click)

I then go to wordpress.org and download the newest version zipped. I then unzip it. I then copy the files across to my server, simply replacing the old ones with the new ones.

I then change the password on my database and also change it in the wp-config.php file.

I then confidently open up my blog, and get an error message.

I then literally drop my computer right in front of Dave and say “Help me!”

He then clicks the button that says, UPDATE DATABASE.

My blog then works perfectly. I am now on WordPress 2.5.

When I look at the page source, the links are still there.

Luckily Jeremy Hermanns is hanging around and jumped right into my WordPress blog, but not before telling me to clean my keyboard!

One of the truly amazing things that was present at the Elite Retreat was the level of trust amongst the attendees. We all just left our computers opened, often logged into servers and other software. People would leave the room with their machines with all of their million dollar secrets just sitting right there. In this case, I just let Jeremy run wild in my machine, something I would normally never allow someone to do.

Jeremy suggested we look at the footer, to find the links. Sure enough that is where they are.

Half of the links are to zen habits dot net.

The other half of the about 500 links are to jp aerospace dot com.

Neil Patel then told me he knows the guy who has zenhabits. I laughed pretty hard, and am going to ask Neil to send a link to this page to him. Neil did not think zenhabits would have done this. I looked deeper into this amazingly long code of hack and found more links to jpaerospace dot com. I wonder if he is the real culprit here, and only put the zenhabits links in earlier to throw people off?

Either way, I would love the zenhabits guy and the jpaerospace guy to comment here and tell us what is up.

Moral of the story? Back up your blog. Keep your WordPress installation updated!

Getting hacked was really fun. Getting hacked the day after Matt Mullenweg personally told us to update, and a few minutes before Jeremy started talking about why we should update was absolutely priceless! Having a programming problem where I could get help from Dave and Jeremy Hermanns and input from Neil Patel just made it a fun game. If it had happened at home, it could have been a big pain in the ass.

Having it happen at the Elite Retreat just showed how amazing all of the attendees and speakers were, and how quickly they can solve a problem.

  1. dk said on April 8th, 2008 at 12:16 pm

    I have now e-mailed the two sites that had the links to them, and am waiting to hear back what they say 😉
    dk

  2. MikeonTV said on April 8th, 2008 at 12:33 pm

    I helped a friend yesterday with this issue. It looks like ZenHabits has a plugin installed called “Optimall-title.php”. There is an old (legit) plugin called “Optimal-title.php” (one “L”) and that is maybe why the exploit would go unnoticed. Both sites redirect links to spam and the host webmasters should be contacted.

  3. Slaven said on April 8th, 2008 at 3:13 pm

    It was pretty funny watching the flurry of activity behind me… 🙂

  4. Jeremy said on April 8th, 2008 at 9:25 pm

    DK,

    I’m just glad it was a simple fix, some of those hackers delete all files except a few “place holder” html’s.

    **Learn from this folks – upgrade your WP ASAP! It’s easy and benefits the whole family.

    Hope all is well in SD, thanks again for all your help too!

  5. Zach Katkin said on April 9th, 2008 at 11:54 am

    Great Story. I got to see Matt speak at FOWA and he was great, probably the best speaker (I personally took away the most).

  6. Leo said on April 9th, 2008 at 7:44 pm

    Hi dk … sorry to hear about your spam problems, but it definitely wasn’t me. Zen Habits was hacked too, and there are tons of spam links in my code now. I think it was an exploit of a plugin, and my tech guy is doing a clean install as I don’t want to screw things up. 🙂

    Anyway, sorry for any problems this might have caused … will fix asap!

    Leo
    Zen Habits

  7. Leo said on April 10th, 2008 at 11:37 pm

    Hi dk,

    First, thanks for the heads up. I most certainly didn’t do it and I really apologize. I was just alerted to this spam on my site and I’m having my tech guy fix it with a clean WordPress install. I think that the spam on my site came from another site, just like your spam came from my site. Must be a kind of virus or WP exploit something, I’m not sure.

    Anyway, my apologies again. Will fix asap.

    Leo

  8. dk said on April 10th, 2008 at 11:48 pm

    Leo,
    It is no problem. Neil said there was no way you were involved in it. The whole thing was actually very funny, a good learning experience, and made for a good blog!
    dk

  9. dk said on April 10th, 2008 at 11:51 pm

    Hey Leo!

    I figured out why I had not seen your comment. Akismet, the WordPress plugin that catches spam, thought your comment was spam, and put it in the spam bin.

    You may want to contact Automattic (http://automattic.com/),
    who handles Akismet. Otherwise your comments may end up in the spam bin.

    dk

  10. Gyutae Park said on April 11th, 2008 at 8:52 pm

    Hey dk,
    Getting hacked is never fun. At least it was a good thing that it happened while you were at Elite Retreat right?

    Cool site you’ve got here. I always wanted to go in somewhere to get some massage therapy. See ya next time.

  11. John Motson said on April 16th, 2008 at 2:51 am

    Hey at least you got hacked while at Elite Retreat lol, with 50 wordpress pros at your calling :)!

    Good for you for having a cool and positive attitude by the way.

    John

  12. dk said on April 21st, 2008 at 12:35 am

    All I could think during the process was,
    “This could be some really fine link bait, Go Spammers!!”

  13. Sketchplanet said on May 19th, 2008 at 9:27 pm

    I wouldn’t have left my computer open – too much stuff on my laptop, but good story.

  14. Hacker Forums said on October 7th, 2008 at 3:01 pm

    Most all hacks are from people not upgrading their software.

    If you don’t make a ton of changes, just back up your template one time, then create or download a script to email you a database dump every couple days.

  15. SnowBall said on July 14th, 2010 at 11:37 pm

    Man, that’s horrible to be hacked. I didn’t know that if you didn’t update often, this could happen. It’s really ironic that you were at Elite Retreat that day. That’s very lucky!
