The story behind my website’s new look

You might have noticed that my blog has a new theme! It’s wonderful that with WordPress, changing to a new theme only takes a few mouse clicks.

[Image: New blog theme]

However, there was a bit of drama behind why I made the change – unfortunate, but a valuable experience indeed. My website was hacked.

On 3 Aug 10 at 1532h, I received a notification email from my blog telling me that a password reset via the forgotten password function had been actioned successfully. Knowing that I am the only registered blog user, this was one of two scenarios: either it was a hoax email, or my blog had been compromised (I’ve blurred the name of the hacker who claimed to be responsible, to protect his/her identity):

[Image: Website hacked]

By the time I read the email, I was on my way home from uni, so the only thing I could do was to assess the situation to find out what had happened. Loading up my website from my phone, it was very clear that my website had been compromised. The immediate action for this security breach was to shut it down completely, but unfortunately I didn’t have access to my web host password then. It would have to wait until I got home. It seems that it was a website defacing attack, hopefully with minimal damage.

So, by 1730h, I had suspended the entire website first to stop the defacement from being accessible by the public, and then I proceeded to assess the damage. The database content was intact, WordPress itself was intact and functional, and the only damage I could find was to the WordPress theme. That black page really does not look like Sadish’s MistyLook theme. I had established what I needed to do to fix the damage and recover from this incident. While I’m at it, why not choose a new theme for a makeover!

At 1945h, I reactivated my website and regained control over my WordPress account, but restricted it so no one else had access to the site while it was staging. By 2400h, and after a period of testing, my blog was good to go again, with a brand new theme to replace the one that was hacked.

Now, what I still don’t understand is how it was possible that my account email address was changed (so the password reset could succeed). Was it through some kind of SQL injection? Have you had a similar experience, and what did you do?

All that I’m worrying about now is whether or not a backdoor was left somewhere I couldn’t find… Without knowing the mechanism of entry, how do I take steps to ensure that it doesn’t get exploited the same way again?
