My blog got cracked

berkeley

I want to personally thank and scold the cracker who cracked my blog software last night.

A Spanish-speaking cracker took advantage of the fact that I had mistakenly left a file world-writeable (conf/_config.php for all of you b2evo bloggers out there). This cracker uploaded a near-perfect copy of this file with one line different:

$baseurl = 'EVE ESTUVO AQUI';

(I've replaced the cracker's name because I can't remember it and I don't want him/her getting any publicity.)

Anyway, this had the unfortunate side-effect of making my blog non-functional. When I found this out, I freaked out and immediately changed the $baseurl back and removed world-writeability from all files. Unfortunately again, I managed to include a trailing slash (/) in the $baseurl which screwed my blog up even more. Everything's now fixed.

I wonder about hopeless geeks like this cracker. I mean, I appreciate learning a valuable lesson in security while simultaneously not having much in the way of damage happen (especially due to the cracker's own actions). However, I spent about two hours trying to fix the hole and then recovering from my own fixes. I could very easily have damaged my blog on my own in response to the cracker's actions. In the future, I would appreciate an email or something that lets me know what the problem is, not something I have to decipher.

In Spanish: Please, the next time you need to teach me a lesson in software security, send me an email instead of abusing my computer resources. Thank you.
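
Added example, not part of the original post: the cleanup described above (finding files like conf/_config.php that were left world-writeable and removing that bit), written as a script that reports, fixes and then re-checks. The function names and the blog path passed as the argument are assumptions.

```shell
#!/bin/sh
# Audit a blog install for world-writable files and clear the bit.
# Usage: sh fix-perms.sh /path/to/blog   (path is an assumption; use your own)

# List regular files and directories under $1 that any local user can write.
# Symlinks are not matched by -type f / -type d, so the later chmod never
# follows one to a target outside the tree.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Clear only the "other" write bit. Owner and group bits are untouched, so
# the web server keeps whatever access it already had through those.
clear_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Report what was exposed, fix it, then verify.
# Returns non-zero if anything is still world-writable afterwards.
audit_and_fix() {
    aaf_before="$(list_world_writable "$1")"
    if [ -z "$aaf_before" ]; then
        echo "no world-writable files under $1"
        return 0
    fi
    echo "world-writable before fix:"
    echo "$aaf_before"
    clear_world_writable "$1"
    aaf_after="$(list_world_writable "$1")"
    [ -z "$aaf_after" ]
}

# Only act when a directory is given on the command line.
if [ -n "${1:-}" ]; then
    audit_and_fix "$1"
fi
```

Permissions say nothing about content: a file that was writable by everyone may already have been altered, so compare it against a known-good copy after fixing the mode.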