Hacked, oh joy

I’d gone to quite a bit of trouble to compose a post describing how my web provider, ipowerweb, got hacked yesterday just after a big server outage (again? Damn!). Had many many sentences here, describing all in lurid detail. But then something happened to the browser, and poof! it all went away.

So this is the “really, it’s important enough to describe” post, but written in the abbreviated and aggrieved style of one who has to Compose It A Second Time, already.

(note to self: The Advanced Editing button—which saves a post in draft form— in the WordPress Write Post window is A Good Thing.)

The server that hosts this site was affected. So were all the static files for this site (which number in the 1200s or is that 2200?). With some awful <marquee> tag to place spam pointing to sites of, er, pharmaceuticals. In my static pages, the hacked stuff appeared at the bottom, after the final </html> tags. In my WordPress files, the <marquee> crap was at the top, before the DOCTYPE declaration. So I got all kinds of icky php header error messages in WordPress. Upgraded from 1.5.1.3 to 1.5.2 and that didn’t fix it. Discovered that it was on the server, because the iPowerweb control panel, vDeck, was also hacked with that awful <marquee> crap in the bottom of the page, after the final </html> tags.

After 1.5 hour on hold to tech support (Thank God it’s an 888 number), I told them about it. Had discovered the “it’s in vdeck, so it’s on YOUR server” problem while on hold. Had upgraded my WordPress install while on hold. Had replaced all the static files in the site while on hold. I thought, surely their phones are ringing off the hook because of this, and I’ll get this “Oh, yes, well we know about that. Let me check the status for you” kinda response from them. But no. Hacked? Hold on, they said. They checked and saw that it was server wide (for that single shared server, not all their servers). Trouble ticket written, support tier 2 (which is a high level ticket, I was told). Sometime between last night and today they fixed it on my site, but I just checked and the stupid drug message thing is still in the bottom of my vdeck control panel.

I don’t know what lessons to draw from this except that those spammers suck and deserve to dwell evermore in the shit left in the New Orleans Superdome. Or that they’re persistent buggers. Or that they’ll stop at nothing to insert their spam linkage wherever they can (did they take advantage of vulnerability in a just-restarting-web server after that brief outage? Did they cause the outage? I don’t know). But I post this here. A story. A whining. But most of all, a warning.

One response to “Hacked, oh joy”

  1. 2020 Hindsight » Hack update

    […] That razzum frazzum spammer did it again yesterday (first time was a week ago today), inserting that damn <marquee> tag into every page of my web site. At the end of every file on my site, a loooong line of code resembling this: […]