The Gomez Blog » hacking http://markandchas.com/blog Keeping up with theology, technology, and 4 crazy kids. Sun, 31 Jan 2010 04:04:22 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 A Cautionary Tale http://markandchas.com/blog/archives/164 http://markandchas.com/blog/archives/164#comments Sat, 15 Nov 2008 21:58:12 +0000 Mark http://markandchas.com/blog/?p=164 So Wednesday I got a decent night’s sleep and I showed up to work ready to be productive and knock out an item or two on my task list.  As I opened up my computer and checked my email to start the day, I found a message from a school parent saying there was a problem with the school’s website.  Apparently it was redirecting them somewhere other than the school site.  Same with the church site.  I opened a new tab and entered sspatriots.org and sure enough, there, in big bold letters, were the words “Owned by R—- and L—–” (I don’t want to put their names up and give them the satisfaction).  After a couple seconds, the site redirected the visitor to a Turkish rap site.  I wish I was joking.

So I logged into the backend, assessed the damage, contacted our host, and removed the offending files.  I got the site back up and it got hacked again.  As a matter of fact, it was the church site that got hacked, but they’re both on the same server so it affected both sites.  Well, I finally fixed it and found the problem and corrected it.

It turns out, when I built the church site, I used the then-current 1.5.4 version of Joomla.  They are now up to 1.5.8.  Apparently, there were some security issues with 1.5.4 that the hacker exploited.  So now the church and school sites have been upgraded to the latest versions and I’m keeping an eye on security updates.   And my task list is now longer than ever.

What?  Wordpress is at 2.6.3?  What am I running?  Oops, gotta go make some updates.

]]> http://markandchas.com/blog/archives/164/feed 2