Yes, Kyle’s Cove Was Hacked
October 2nd, 2007
Last night and this morning I have been dealing with the aftermath of being “hacked.” While I started responding to e-mails from my readers individually, I decided it would just be easier to make a quick post to say that I am indeed aware of it and I believe it has been taken care of.
Unfortunately, I had been neglecting upgrading my version of WordPress because I enjoyed having the post preview window. The problem with not upgrading, however, is that it leaves your blog open to known security vulnerabilities. It looks like someone visiting my site was able to get my WordPress admin information through one of these vulnerabilities and gain access to my control panel.
Once hacked, I was left with the following note:
As far as I know, everything should be taken care of now. Here are a few observations regarding today’s events:
- It appears the attacker’s intentions were good, but I can’t help but feel a little violated. Sending me a note via my contact form would have been the best route to go, or at a minimum, the hacker should have just left a post draft rather than actually making a post by “me” on this website.
- In addition to feeling violated, I try to look at things in a positive light. The fact that my blog was hacked shows that this blog is growing in popularity. A year ago I don’t think my site would have ever been noticed by a hacker.
- In addition to the flood of e-mails I received from concerned readers, I also received a few inbound links, so in a way I guess the hacker helped me a bit!

Yeah, I saw that post in my feed reader. For starters remove ALL indications that state what version of WordPress you are running. I see that you have it in your footer, and also in the header:
This makes you an easy target because bots can crawl the Web looking for outdated versions of WordPress.
Darn it, I thought my code would show up. This is what you have in your header:
<meta name="generator" content="WordPress 2.2.2" />
Thanks Ryan, they were easy fixes!
No problem. I’m guessing that was how the hacker decided to even try your site. It’s always better to keep people on a need to know basis.
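Added example, not part of the original post or its comments: a Python self-check for the version disclosure described in the comments above, which scans a page's HTML for a generator meta tag, visible text or HTML comment that names a WordPress version. The sample pages are constructed; only the generator tag is taken from the thread, and checking HTML comments goes slightly beyond what the thread mentions.

```python
import re
from html.parser import HTMLParser

# Matches a product name followed by a dotted version, e.g. "WordPress 2.2.2".
VERSION_RE = re.compile(r"WordPress\s+(\d+(?:\.\d+)+)", re.IGNORECASE)


class VersionLeakFinder(HTMLParser):
    """Records every place a page names its WordPress version."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (where, version) tuples, in document order

    def _scan(self, where, text):
        for match in VERSION_RE.finditer(text or ""):
            self.findings.append((where, match.group(1)))

    def handle_starttag(self, tag, attrs):
        # Also reached for self-closing tags such as <meta ... />.
        attr = dict(attrs)
        if tag == "meta" and (attr.get("name") or "").lower() == "generator":
            self._scan("meta generator", attr.get("content"))

    def handle_data(self, data):
        self._scan("page text", data)  # e.g. a "Powered by" footer line

    def handle_comment(self, data):
        self._scan("html comment", data)


def find_version_leaks(html):
    finder = VersionLeakFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample pages; only the generator tag comes from the thread.
BEFORE = """<html><head><title>Example blog</title>
<meta name="generator" content="WordPress 2.2.2" />
</head><body><p>Hello</p>
<div id="footer">Powered by WordPress 2.2.2</div></body></html>"""

AFTER = """<html><head><title>Example blog</title>
</head><body><p>Hello</p>
<div id="footer">Powered by WordPress</div></body></html>"""

if __name__ == "__main__":
    for name, page in (("before", BEFORE), ("after", AFTER)):
        print(name, find_version_leaks(page))
```

Removing the version string only takes the page out of easy version-based crawls; the upgrade is still what closes the vulnerability.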
Hey Kyle,
When I saw the header I thought you must have posted a new topic about notes to yourself.
On closer scrutinization I saw that you were actually hacked; that’s when I contacted you.
Hopefully this will be a lesson to all how crucial WordPress upgrades are.
Ryan – Yeah, I can see why more people don’t have that. I always thought it was cool so I had manually added it to the footer.
Keith – Very true! My main reason for upgrading was that I don’t actually host my site, instead I am very fortunate to have a friend hosting it for me. The problem is, I don’t like to bother him too much to upgrade me, so I only do it after major upgrades instead of after every security fix.
After this hack, I had to go into CPanel and upgrade there to get the problem fixed right away. Going forward, I guess I will have to use this method to stay on top of upgrades!
Kyle – be happy that you only had 1 message posted [and a nice one I may say]… he could do more ugly things
ps: I’m glad that my screen capture became a star
– joking :p
Glad to see no damage done. I was in my feed reader when that post came across. Hence the message to you.
And it motivated me to finally upgrade WP.
Welcome to the big time!
I noticed it last night and thought it was a little funny. But, luckily they didn’t do anything malicious to your blog, that would have been terrible!
Thanks for the reminder, sorry that it was at the expense of getting hacked. :c( Glad your blog is back to tip top shape!
Don’t forget to keep your WordPress plugins up-to-date too. They are a source of security vulnerabilities too. Thankfully that task is easier with the latest version of WP.
This is going to make me update to the latest version of WordPress.
Chris – Yeah, I actually used your screen capture because I forgot to take a screenshot before I deleted it
Jay – I think you got the first message in to me. I’m not sure what you win except a friend for life!
Dean – Great point! I actually update many of my regularly updated plugins weekly, but I designate once a month to update all of them. So far, this practice helps with security updates as well as getting new features and bug fixes.
no problem Kyle
I was just joking :p
Wow… what the hell was that about? Sheesh… current on my WP install or not… I am doing a full back up right now! I usually do one once per week, but with my blog accumulating as much content and comments as it is, I very well may set it up to back up daily.
Garry – Yeah, you are probably getting to the point that you should backup daily, or at least every other day. That’s got to be a lot of maintenance with all the blogs you have!
Ha!!! I would to be able to hire someone to take care of all that… I don’t make quite enough to do that just yet… in the meantime, yes… I sweat bullets when it comes time to update WordPress across the board.
Whoa. Thanks for the warning. I’m going to update mine now. Not that I have anything to worry about being that I only have two readers, one of ‘em being me and the other, my mother’s dog. But, you know, better safe than sorry.