Last night's conversation with Faith:
Faith (27/12/2005 03:45:56): what's wrong with your blog
Hepan (27/12/2005 03:46:00): huh
Hepan (27/12/2005 03:46:02): why?
Faith (27/12/2005 03:46:10): haha go have a look
Hepan (27/12/2005 03:47:14): OMG
And what I saw is in the screenshot above… well yeah, I’ve been hacked by some Turkish hacker. I believe he started it around 3.00 A.M. according to my Apache access log, and he’s been playing around with the gallery PHP files. Like Zeo mentioned in my shoutbox, it was the Plogger (my gallery script) security holes which happened to enable the hacker to insert their injection through the browser. He didn’t actually rewrite my index file; instead he wrote a new .htaccess file that redirects the user to the hack page, which is inside the gallery folder.
If you are running the Plogger gallery script, go ahead and apply the security fixes immediately to avoid any problems.
For the time being, I don’t plan to upload the gallery yet since I don’t have much time to reconfigure the layout to match this theme.
Anyway, my site is now using the new ajaxed WordPress 2.0. Upgrading was a breeze; I even managed to use my old quicktags (I have a lot of custom tags there) and most of the plugins are working perfectly.
Updated: Hisyam, thanks for showing the world.. – “nothing is secure” :))