I hate hackers.
If I were king of the world, morons that get their jollies by stealing passwords, infecting sites with malware, defacing sites, and any other kind of mischief, would get the death penalty. No appeals. No delays. We’d string ’em up, preferably in public, with mandatory coverage by the networks. (Obviously, the networks are acquainted with mandatory programming – they cover every Obama presser, so they shouldn’t have a problem with a sensational, money-maker like a public execution.)
Not so fast.
Unfortunately, it was not – I soon discovered that every site hosted from within my account had been affected. Even worse, as soon as I’d clean up the index files, they’d get re-infected. My webhost technical support suspected that the problem was due some older versions of WordPress, running on client sites. I discovered that a number of blogs I’d set up for others were running older versions of WordPress. Sounds insignificant, except that they exposed every website hosted through my account to the malicious code. How? Well, when WordPress discovers a vulnerability, they publish a fix, then publish a list of all the vulnerabilities. That may sound like a good idea, but if you don’t upgrade immediately, it’s essentially posting a sign on the ‘net, that lets all the bad guys know just how to worm their way into sites that haven’t upgraded immediately.
Even more aggravating, I’ve got one blog – blog.grokmedia.com – that is getting messed with every couple of days. Some idiot is adding in what’s called an iframe tag in a header file, making the site inaccessible, where it will display a blank page.
Hopefully, I’ve gotten everything cleaned up, and secured so that the hackers will leave my sites alone, and look for easier sites to hack.
It makes me wonder, though, if these guys are so accomplished at writing code, why they think it’s okay to amuse themselves by harming others, instead of simply using their powers for good.
Further updates as details warrant.