OK, so one sign of not writing enough on your blog is having it hijacked and you don’t even notice. Bleh. Somewhere between May 27 and today (Jun 4), some nefarious party registered itself and inserted nasty code into one or more of my pages… possibly through comments. When I tried to visit today, ZoneAlarm piped up and warned me that “wp-stats-php.info” is a suspected phishing site and would be blocked… meaning I couldn’t see The Mongrel Dogs, either.
But the 21st century is amazing. I googled “wp-stats-php.info” and found a ton of pages by users with a similar problem, and indeed, some with solutions. Yay. I am particularly indebted to the following people and pages:
- Richard Palace
- WordPress forums
- StopBadWare
- And especially, Jason Morrison
For the curious, my solution was to back up everything (just in case), then nuke the files and restore from an April backup. Having learned my lesson, I also upgraded immediately to the latest version of WordPress (2.5.1) which apparently doesn’t suffer from this vulnerability.
Minor editorial: Although the blame for not updating regularly lies squarely with me, I really think the WordPress crew should come up with a simple, one-touch way to do that. Right now, backing up the database is a scary proposition for someone not a MySQL pilot. There used to be a neat script that did one-touch backups but for reasons that I cannot understand, it’s been deprecated and removed. *sigh*