
My blog got hacked, probably at Blogworld Expo

Where better to steal blog passwords than over the open wifi at a blogger conference?

…OK, I don’t know for an absolute fact that’s where and how this blog got hacked, but it does seem extremely likely. So Blogworld Expo attendees, be forewarned — and check your blogs. Specifically, check the source code of your most recent posts — especially if you use WordPress.

Yesterday I posted about how a reader let me know that a huge chunk of spam had shown up in a post I made from Blogworld Expo in Las Vegas. As I investigated this further with the help of readers (especially Mihai Parparita) and my colleague Justin Crawford, I learned that someone had gained access to my WordPress installation (most likely by stealing my password) and inserted spam directly into my post. This problem appears to have started only very recently — while I was at Blogworld, on the conference wifi network.

Of course, this also could have occurred on the ethernet at my hotel in Vegas (the Marriott Suites on Convention Center Dr.) Or when I turned sharing on for my laptop to give a friend net access from my room (because they sell ethernet access per connected device, not per room — a total ripoff).

My hacker attempted to be a little sneaky about it. He/she used the CSS command “overflow: hidden” to keep the spam from appearing on my blog. But it did come through on my feed. Oddly, I couldn’t see the spam through my feed reader application Newsfire; nor did it appear in the built-in feed reader in Safari. But it was clearly visible in web-based feed readers like Bloglines and Google Reader.

I’m working to lock out this hacker and upgrade WordPress. But I’m also investigating how to prevent this from recurring. I travel a lot and go to a lot of conferences, so I’m on open wifi and hotel connections a lot.

Got any suggestions for preventing blog hacks? Please comment below. I have to leave on another trip shortly and could use all the help and advice I can get. Thanks.
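The check the post recommends (reading the source of recent posts for markup hidden with “overflow: hidden”) can be automated. The following is an added example, not part of the original post: the function names, the extra hiding styles beyond “overflow: hidden”, and the sample post body are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Inline styles used to hide injected markup. "overflow: hidden" is the one named
# in the post; the others are assumed variants of the same trick.
HIDING = re.compile(
    r"overflow\s*:\s*hidden|display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:height|width)\s*:\s*0(?:px)?\s*(?:;|$)", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link", "area", "base", "col",
        "embed", "source", "track", "wbr"}

class HiddenLinkFinder(HTMLParser):
    """Collects links that sit inside an element whose inline style hides it."""
    def __init__(self):
        super().__init__()
        self.stack = []      # (tag, hiding style or None) for each open element
        self.findings = []   # (hiding style, href) pairs to review by hand

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = attrs.get("style") or ""
        hidden = style.strip() if HIDING.search(style) else None
        if hidden is None and self.stack:
            hidden = self.stack[-1][1]   # children of a hidden element are hidden
        if tag == "a" and hidden and attrs.get("href"):
            self.findings.append((hidden, attrs["href"]))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag so unclosed tags do not leak state
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_hidden_links(post_html):
    parser = HiddenLinkFinder()
    parser.feed(post_html)
    parser.close()
    return parser.findings

# Constructed sample post body (not the content that was actually injected)
SAMPLE = """<p>Conference notes, see <a href="https://example.org/talk">the talk</a>.</p>
<div style="overflow: hidden; height: 1px;"><p><a href="http://spam.example/pills">pills</a>
<br><a href="http://spam.example/loans">loans</a></p></div><p>More tomorrow.</p>"""

if __name__ == "__main__":
    print(find_hidden_links(SAMPLE))
```

Themes use “overflow: hidden” legitimately, so only links inside a hidden element are reported, and each finding still needs a human look. Run it against the post body as stored in the database or delivered in the feed, since the rendered page is exactly where the injected block does not show.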


8 Comments so far (Add 1 more)

  1. Sorry to hear that your blog was hacked, this is a problem when you use someone else’s software, you do not know how well the code is written.

    Reply

    2. Murfreesboro Cabling on October 12th, 2008 at 3:26 pm
  2. Most all hacks are from people not upgrading their software.

    If you don’t make a ton of changes, just backup your template one time, then create or download a script to email you a database dump every couple days.

    Reply

    3. Hacker Forums on October 7th, 2008 at 1:00 pm
  3. This illustrates a critical security flaw in the design of WordPress and most CMSs (Content Management Systems). They do not provide secure https for logins, where passwords must be sent over the net, and administrative access. Only Plone, and maybe some of the Java-based systems, seem to provide this capability, but only by tearing your hair out first. If WordPress provided it transparently, you would have used it, and your password would not have been stolen.

    Reply

    5. Chip Neville on November 13th, 2007 at 7:51 pm
  4. TDavid, Mark — yes, I’m definitely looking into an EVDO connection. Thanks. But I still need a more secure solution in the meantime. It’ll be a few weeks before I can pull that into place.

    - Amy Gahran

    Reply

    7. Amy Gahran on November 12th, 2007 at 11:48 am
  5. Amy,

    Looking back now, I may have also been hacked. I was trying to post to my blog so I could show the audience in my presentation something, and suddenly I lost my blog’s template. I’ll let you know when I find out what happens. Perhaps at the next meetup. Good luck!

    Reply

    8. Jim Turner on November 12th, 2007 at 10:21 am
  6. Never, ever, transmit a plaintext password over unsecured WiFi. Heck, probably not a good idea to do it over WEP’d WiFi either.

    Solutions: HTTPS, VPN — or just forget about the WiFi and get an EVDO card. A few trips to Starbucks/hotels/conferences a month and it will pay for itself.

    Reply

    9. Mark Jaquith on November 12th, 2007 at 10:16 am
  7. Suggestion: get your own EVDO connection — don’t use conference WiFi, which usually sucks anyway.

    Reply

    10. TDavid on November 12th, 2007 at 10:11 am
  8. Amy,
    If it’s any help…it was also in my Feedblitz email feed.

    Reply

    12. Bill Henderson on November 11th, 2007 at 8:15 pm

5 Trackbacks

  1. [...] Also, the URL cardenro.com is traced to a Miriam Garcia of Sunnyvale, CA. This is a private registration, though, with the email address of contact@myprivateregistration.com. Also, note the cardenro.hacker2860.com. Hacker2860.com is not a registered domain name, but I found some results to hacker2860 showing him as a Thai person. He is probably a hacker who just hacks for fun. At least my blog didn’t get hacked. [...]

  2. [...] were generally going OK with hosting both sites on my Bluehost account, until last November, when Contentious got hacked — someone sniffed my password when I logged on over open wifi and inserted spam into my blog. [...]

  3. [...] in advance to my readers, but it appears my hacker woes are not yet [...]

  4. By contentious.com - Twitter actually can be useful on November 12, 2007 at 9:55 am

    [...] the weekend, I found Twitter useful when I learned that my blog was hacked by a spammer. As I rushed to understand what happened and what I needed to do to fix the problem, I [...]

  5. [...] Amy Talks About how her blog got hacked while at Blogworld (HELLO OPEN WIFI = BAD) [...]
