Categories
Site News WordPress Fixes

Hacked? Me?

For those of you that might have visited donburnside.com yesterday, you might have noticed a little something different. Different in as much as a redirect to some website that wasn’t english. Nothing bad as far as I could tell, just not here.

For those of you that might have visited donburnside.com yesterday, you might have noticed a little something different. Different in as much as a redirect to some website that wasn’t english. Nothing bad as far as I could tell, just not here.

Turns out, this was completely avoidable and has been corrected. You see, I never bothered to stop using the default ‘admin’ user. My password was brute forced and the main index.php file was over written, and my themes index.php file was blanked out. Good thing I had backups.

So, let this be a lesson to you. Don’t use WordPress with the admin username. While I’m a little late to this party, better late than never.

4 replies on “Hacked? Me?”

I’m fond of changing the nickname display too so it doesn’t give away your user name in posts.

Was your password set to “Guest” too? /Archer reference FTW.

brad.

Actually, it was 1234567, just like my luggage.

Now it’s a 128-bit, triple random string of characters (alpha and numeric) that I carry around with me on a usb thumb drive holding my keys.

Leave a Reply

Your email address will not be published. Required fields are marked *

To create code blocks or other preformatted text, indent by four spaces:

    This will be displayed in a monospaced font. The first four 
    spaces will be stripped off, but all other whitespace
    will be preserved.
    
    Markdown is turned off in code blocks:
     [This is not a link](http://example.com)

To create not a block, but an inline code span, use backticks:

Here is some inline `code`.

For more help see http://daringfireball.net/projects/markdown/syntax

This site uses Akismet to reduce spam. Learn how your comment data is processed.