Site was hacked

If you’re someone who noticed that the site was down for half
an hour or so this morning, I apologize. The site had been hacked
and I had to restore it to a version without drug ads all over the
version fed to text browsers.

One thing I don’t know how to back up is the widgets settings.
This is the things in the right sidebar that help you find the
posts most people read, or the ones about knitting, or how to
subscribe in an RSS feed.

I have most of the ones that are important to me back, but if
there’s something you like that’s gone missing, let me know.

Future plans

When people give you advice about how to avoid this problem,
they always say to make sure you have the latest version of the
software. I have in fact been quite conscientious about upgrading
laymusic.org to the
latest version of wordpress, and there’s a real possibility that
the hacking happened on the upgrade yesterday morning.

Certainly one of the problems that has meant very few posts
recently is a bug introduced in WordPress 3.1.1 and not fixed in
3.1.2.

I found this bug very shortly after upgrading laymusic.org, so
I haven’t “upgraded” serpentpublications.org, and it wasn’t hacked.

So I’m afraid the moral of the story may be that you shouldn’t
use WordPress, not because it isn’t good software with a large and
active community behind it, but because so many people use it that the hackers have
a large incentive to figure out how to hack it.

So if anyone has actual experience with one of the
alternatives, I’d be interested in hearing about it. Drupal and
Joomla are two that I’m thinking of looking into.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s