My blog got hacked, probably at Blogworld Expo

Where better to steal blog passwords than over the open wifi at a blogger conference?

…OK, I don’t know for an absolute fact that’s where and how this blog got hacked, but it does seem extremely likely. So Blogworld Expo attendees, be forewarned — and check your blogs. Specifically, check the source code of your most recent posts — especially if you use WordPress.

Yesterday I posted about how a reader let me know that a huge chunk of spam had shown up in a post I made from Blogworld Expo in Las Vegas. As I investigated this further with the help of readers (especially Mihai Parparita) and my colleague Justin Crawford, I learned that someone had gained access to my WordPress installation (most likely by stealing my password) and inserted spam directly into my post. This problem appears to have started only very recently — while I was at Blogworld, on the conference wifi network.

Of course, this also could have occurred on the ethernet at my hotel in Vegas (the Marriott Suites on Convention Center Dr.). Or when I turned sharing on for my laptop to give a friend net access from my room (because they sell ethernet access per connected device, not per room — a total ripoff).

My hacker attempted to be a little sneaky about it. He/she used the CSS command “overflow: hidden” to keep the spam from appearing on my blog. But it did come through on my feed. Oddly, I couldn’t see the spam through my feed reader application Newsfire; nor did it appear in the built-in feed reader in Safari. But it was clearly visible in web-based feed readers like Bloglines and Google Reader.

I’m working to lock out this hacker and upgrade WordPress. But I’m also investigating how to prevent this from recurring. I travel a lot and go to a lot of conferences, so I’m on open wifi and hotel connections a lot.

Got any suggestions for preventing blog hacks? Please comment below. I have to leave on another trip shortly and could use all the help and advice I can get. Thanks.
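The check suggested above (look at the source of recent posts), as an added example that is not part of the original post: it scans stored post HTML for links nested inside an element whose inline style hides its contents, which is how the spam here stayed off the rendered page while still reaching feeds. The sample posts are constructed, the function and class names are hypothetical, and `display: none` is included as an assumption beyond the `overflow: hidden` case the post reports.

```python
import re
from html.parser import HTMLParser

# Inline styles that keep content off the rendered page but leave it in the HTML.
HIDING_STYLE = re.compile(r"overflow\s*:\s*hidden|display\s*:\s*none", re.I)
# Elements with no closing tag; they must not go on the open-element stack.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

class HiddenLinkFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, hiding style set here or inherited, else None)
        self.findings = []  # (hiding style, href) for each link inside a hidden element

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = attrs.get("style") or ""
        if HIDING_STYLE.search(style):
            hiding = style
        else:
            hiding = self.stack[-1][1] if self.stack else None
        if tag == "a" and hiding and attrs.get("href"):
            self.findings.append((hiding, attrs["href"]))
        if tag not in VOID:
            self.stack.append((tag, hiding))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; ignore stray closing tags.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_hidden_links(post_html):
    parser = HiddenLinkFinder()
    parser.feed(post_html)
    parser.close()
    return parser.findings

# Constructed sample post bodies (not taken from the hacked blog).
SAMPLE_POSTS = {
    "clean": '<p>Notes from the <a href="https://example.org/expo">expo</a>.<br>More soon.</p>',
    "tampered": '<p>Notes from the show floor.</p>'
                '<div style="height:1px; overflow: hidden"><p>'
                '<a href="http://spam.example/pills">pills</a> '
                '<a href="http://spam.example/loans">loans</a></p></div>'
                '<p>Back <a href="https://example.org/">home</a>.</p>',
}

if __name__ == "__main__":
    for name, body in SAMPLE_POSTS.items():
        for style, href in find_hidden_links(body):
            print(f"{name}: link {href} hidden by style {style!r}")
```

Run it over the post bodies as stored in the database or an export, not over the rendered page, since a theme may legitimately use `overflow: hidden` for layout; only links inside such an element in post content are reported.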

13 thoughts on My blog got hacked, probably at Blogworld Expo

  1. Pingback: BlogWorld Wrapup, Michael Arrington No Show, & Getting Caught With My Pants Down In The Ladies Room - ShoeMoney®

  2. Pingback: - Twitter actually can be useful

  3. Never, ever, transmit a plaintext password over unsecured WiFi. Heck, probably not a good idea to do it over WEP’d WiFi either.

    Solutions: HTTPS, VPN — or just forget about the WiFi and get an EVDO card. A few trips to Starbucks/hotels/conferences a month and it will pay for itself.

  4. Amy,

    Looking back now, I may have also been hacked. I was trying to post to my blog so I could show the audience in my presentation something, and suddenly I lost my blog’s template. I’ll let you know when I find out what happens. Perhaps at the next meetup. Good luck!

  5. TDavid, Mark — yes, I’m definitely looking into an EVDO connection. Thanks. But I still need a more secure solution in the meantime. It’ll be a few weeks before I can pull that into place.

    – Amy Gahran

  6. Pingback: - This blog is still hacked, grrrrrrr…..

  7. This illustrates a critical security flaw in the design of WordPress and most CMSs (Content Management Systems). They do not provide secure https for logins, where passwords must be sent over the net, and administrative access. Only Plone, and maybe some of the Java-based systems, seem to provide this capability, but only by tearing your hair out first. If WordPress provided it transparently, you would have used it, and your password would not have been stolen.

  8. Pingback: - Bluehost’s Bad Attitude: Customer Service 101

  9. Most all hacks are from people not upgrading their software.

    If you don’t make a ton of changes, just back up your template one time, then create or download a script to email you a database dump every couple days.

  10. Pingback: Wow. My Bluehost account got hacked by Karen Chand…? | Ian Macalinao
