Well, I’m close. You probably can’t easily tell, but I’ve updated the core blog software for my blog.
Both ‘about time’ and ‘good thing’ apply. In the process I did find my blog had been hacked.
I use WordPress as my blog software here. The edition I was using was one of the last releases that did not have a built in update button. The last couple of releases, 2.8.4 and 2.8.5 have been ‘hardening’ releases. These are versions that make it harder for hackers to break into your wordpress blog and do things like delete previous posts, add or delete users, or even edit posts.
One of the most famous incidents of this nature is the blog that Robert Scoble writes. Apparently whomever has been compromising or hacking into wordpress blogs decided that that might be a good blog to do some rather offensive things to, such as delete all the blog entries for him.
For the most part my wordpress update was smooth. The thing that has been of concern was backing things up. I’m a big fan of ‘simple’ and the first thing that I could see when looking at the instructions for backing up the wordpress database was that they were not ‘simple.’ Granted I didn’t look far enough into the process. Once I did I saw that there was a 1 line command I could use to do the job. No installing extra software that I hadn’t worked with before, etc.
As I was re-enabling a plugin, a new feature showed up that I hadn’t seen before. Checking what the feature gave me, I ended up ‘spotting’ a user I didn’t recognize. So I went to ‘Users’ and Hmm. there sure are a lot of users here, and none of them appear to be this user.
I actually suspect that the bigest use of the hacked admin account has probably been to create users that can then be used to authorize users at places that ‘check’ to see if you have a valid account some place. In any case I certainly didn’t recognize any of them, and since I do not allow people to create accounts for themselves, away they went.
But no, that didn’t delete the hidden account. That was going to take a little bit more work. For that I ended up having to do a bit of searching. I ended up at http://reports.graymattergravy.com/2009/09/06/remove-hidden-admin-users-in-wordpress/ where the writer has very sucinctly demonstrated how to delete a hidden admin user.
Will that be the end of it? I don’t know. It should be harder to break into the new version, but if someone broke into this, it’s possible that they (or someone else) broke into another system I use. Fortunately (theoretically) much of the underlying code that the wordpress software ran on should be up-to-date, and hopefully reasonably secure, but there are a few things I will have to check out now.
All of the users, except the stray admin users, that I deleted were ‘subscribers.’ As one of the questions in the deletion process went, I was asked if I wanted to delete their submissions as well. Yes.
I have at least one person who reads and occasionally comments on my blog. I was concerned that their posts may have been lost. They were not.
The remaining item I have to deal with is getting google analytics hooked up again. I’ve had a bare bones hit count running against my blog for a while. It’s racked up what I consider to be a respectable count of reads of my blog. However I really didn’t have a way of knowing anything interesting about the readers. Hopefully that will change shortly.
