Hacked and mangled but still standing

Yes, it’s been a while since I’ve updated this blog but what you haven’t seen (or maybe you did briefly) is all the stuff I had to do just to keep it the same.

Some of you may have briefly seen the navigation menu oddly placed. That was because of countless invisible spam links inserted into one of my posts. Since my WordPress installation is always up-to-date, I’m thinking it’s probably a SQL injection vulnerability in one of my plugins. I’ve been reactivating them one by one and now I’m reasonably sure which one was the culprit. I might reactivate it and combine it with the Bad Behavior plugin to see what kind of shady logs I get. Maybe later.

Or maybe it was a MySQL security hole. I haven’t had any more attacks since my provider recently applied a security update to the database. But that somehow managed to mangle all my non-English text so I had to rebuild the blog from scratch with an export from the old database. As a result, you might have experienced a brief period of complete 文字化け.

So I’m finally in the last week of my online class for Project Management and assuming that I pass the final, I’ll be free at last to pursue other interests! I have a special project in mind which I’ll write about very soon.

2 thoughts on “Hacked and mangled but still standing”

  1. Regarding SQL injection:
    http://xkcd.com/327/

    (Long story short, good code does not interpolate user-supplied data into the query. Good code uses placeholders and prepared queries. Of course, if you’re using plug-in code written by other people, then de facto you have mostly given up control over the code quality.)

    > I’ll be free at last to pursue other interests!

    Yeah, that’s always nice.
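
The commenter's point about placeholders, shown as an added example that is not part of the original post or comment. Python's `sqlite3` stands in for the blog's MySQL database, and the table, slugs and function names are constructed for illustration; the same input is run through an interpolated query and a prepared one.

```python
import sqlite3

def make_db():
    """Build an in-memory table loosely modelled on a blog's posts (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, slug TEXT, status TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO posts (slug, status, body) VALUES (?, ?, ?)",
        [
            ("hacked-and-mangled", "publish", "public post"),
            ("it's-been-a-while", "publish", "slug with an apostrophe"),
            ("special-project", "draft", "unpublished notes"),
        ],
    )
    return db

def find_interpolated(db, slug):
    """Anti-pattern: user input is pasted into the SQL text and parsed as SQL."""
    sql = ("SELECT slug FROM posts WHERE status = 'publish' "
           "AND slug = '%s' ORDER BY id" % slug)
    return [row[0] for row in db.execute(sql)]

def find_prepared(db, slug):
    """Placeholder form: the SQL text is fixed and the value is bound as data."""
    sql = ("SELECT slug FROM posts WHERE status = 'publish' "
           "AND slug = ? ORDER BY id")
    return [row[0] for row in db.execute(sql, (slug,))]

def compare(slug):
    """Run both lookups on the same input; report an SQL error as a string."""
    db = make_db()
    try:
        interpolated = find_interpolated(db, slug)
    except sqlite3.Error as exc:
        interpolated = "error: %s" % exc.__class__.__name__
    return interpolated, find_prepared(db, slug)

if __name__ == "__main__":
    # A normal slug, a legitimate slug containing a quote, and a quote-breaking input.
    for value in ("hacked-and-mangled", "it's-been-a-while", "x' OR '1'='1"):
        print(repr(value), compare(value))
```

The interpolated query breaks on a legitimate slug that contains an apostrophe and returns the draft row for the quote-breaking input, while the prepared query treats both strings as plain values.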
