I just realized today that my web hosting account was hacked on (apparently) January 19. Nothing was destroyed or lost, but the script (that just about found its way into every directory of mine) liked to tack on about twenty thousand bytes of spam to the bottom of each page. The pages still looked okay from a browser, but it borked my RSS feeds. If you rely on Feedburner to get notified of my posts, you probably haven’t seen anything until today’s notification finally went out as I cleaned things up.
Not that you missed a ton of posts. I haven’t been posting much lately:
If you self host your blog(s), this is a good reminder to do the following:
- Keep all your apps up to date! New versions fix old vulnerabilities.
- Don’t use obvious passwords. Make ’em tough and try to change them often.
- Backup your files! Back up your databases!
I actually have 39 web sites hosted on this one account, so you can imagine it’s tough for me to keep everything up to date all the time. The oldest version of my site is still out there for anyone to see, and I’m pretty darn sure it was the gateway for whatever attacker hit me. That’s all been fixed now. I was lucky the hack wasn’t malicious. Things could have been a lot worse!