Visitors to this blog may have noticed many things broken or not got anything but a 404 for the last 12 hours. My apologies – most is now fixed, but let me explain. Last night, about 5 minutes before I went to bed, I got this email:
from: “email@example.com” <firstname.lastname@example.org>
subject: Update [Incident ID: 2110748] – Information Regarding Your Account for tamaleaver.net
Support Staff Response
It has come to our attention that your tamaleaver.net hosting account is running a vulnerable version of wordpress. This has caused an attacker to upload malicious content to your hosting account. We have removed the malicious content and have disabled the vulnerable script.
To prevent further attacks, we request that you update your version of wordpress as soon as possible. We appreciate your cooperation in this matter.
Please let us know if we can be of further assistance.
Advanced Hosting Support
I was a little surprised since I was running 2.1.3 which, to the best of my knowledge, was fine (and I was not running the buggy 2.1.1). However, I figured I’d check in the morning what had been deleted – I presumed a script that wasn’t part of the standard WordPress world, so that was fine. However, to my horror this morning when I checked, I found that “support” (and I use the term very broadly) had done at least two things: deleted my entire wp-admin directory, and deleted a number of image files (the reason for which I can’t even begin to fathom). As a result, this blog has been rather stuffed for the last 12 hours. Since it was broken anyway, I’ve now upgraded to WordPress 2.2 and got almost everything back and running. However, a month’s worth of uploaded images were deleted, and I’ve not backed up since the end of April, so they can’t be recovered (thus, if you find a blog post with an image missing … primarily from posts in May 2007, this is why; I’ll try and replace them at a later stage.)
So, sorry for the downtime, if I had any control over it I’d promise it wouldn’t happen again! That said, the support folk at secureserver (whom GoDaddy use) will be getting a rather frank email about the over-deletion of my files, and, more to the point, a request to exactly what they think happened since I’ve seen no evidence myself of any malicious content.
Didn’t writing a thesis teach you anything??? BACK UP BACK UP BACK UP (says she who is currently over-saving in a paranoid fashion!!!)Sorry to hear you lost all that work…
Hey Jo – Yes, you’d think I’d remember the backup mantra! Of course, my main silliness was relying on my host not to stuff around with my files. 🙁 Hope your backing up means that the end is roundly in sight now! 🙂
Ick. Been there recently too. Whole blog went “kthxbai!”.