This blog was hacked a while ago. It was annoying; I hadn’t updated my blog software for a while and there was a security hole. It was a good learning experience in how to deal with the intrusion. It was also nice to be able to quickly whip together some scripts to help clean everything up. This let me see which files were recently modified:

`find . -type f -mtime -3 | grep -v "/Maildir/" | grep -v "/logs/"`

The exploiters were modifying my .htaccess and adding a few files of their own; this deleted their files:

https://gist.github.com/1491781 (gistfile1.txt)

This code helped remove exploit code that was injected into all of the pages on the site.

https://gist.github.com/1491783 (remove_code.rb)

After upgrading my software and installing security patches, a bit of other cleanup, and file permission fixes, everything was back to normal.
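
The two cleanup steps above combined into one Ruby script, as an added example rather than the code from the author's gists: it lists files modified in the last three days with the same `Maildir` and `logs` exclusions as the `find` command, then strips an injected snippet from them after copying the originals aside. The marker pattern, function names, backup directory and demo files are constructed assumptions.

```ruby
require "find"
require "fileutils"
require "tmpdir"
# Constructed marker pair standing in for the real injected snippet (assumption).
INJECTED = %r{<!--inj-start-->.*?<!--inj-end-->\n?}m
SKIP_DIRS = %w[Maildir logs].freeze # the directories the find command filters out

# Regular files under root modified in the last `days` days, skipping SKIP_DIRS.
def recently_modified(root, days: 3)
  cutoff = Time.now - days * 86_400
  hits = []
  Find.find(root) do |path|
    if File.directory?(path)
      Find.prune if SKIP_DIRS.include?(File.basename(path))
    elsif File.file?(path) && File.mtime(path) > cutoff
      hits << path
    end
  end
  hits.sort
end

# Paths containing the pattern; unless dry_run, back up to backup_dir and rewrite.
def clean_tree(root, backup_dir:, pattern: INJECTED, days: 3, dry_run: true)
  recently_modified(root, days: days).select do |path|
    original = File.binread(path)
    cleaned = original.gsub(pattern, "")
    next false if cleaned == original
    unless dry_run
      saved = File.join(backup_dir, path.delete_prefix(root))
      FileUtils.mkdir_p(File.dirname(saved))
      FileUtils.cp(path, saved, preserve: true) # keep timestamps as evidence
      File.binwrite(path, cleaned)
    end
    true
  end
end

# Constructed demo tree: an infected page, a clean page and an excluded log.
def demo
  Dir.mktmpdir do |tmp|
    root, keep = File.join(tmp, "site"), File.join(tmp, "evidence")
    FileUtils.mkdir_p(File.join(root, "logs"))
    bad = "<!--inj-start--><script>/* constructed */</script><!--inj-end-->\n"
    File.write(File.join(root, "index.html"), "<html>\n#{bad}<p>hi</p></html>\n")
    File.write(File.join(root, "about.html"), "<html><p>about</p></html>\n")
    File.write(File.join(root, "logs", "access.log"), bad)
    found = clean_tree(root, backup_dir: keep, dry_run: false)
    [found.map { |p| File.basename(p) }, File.read("#{root}/index.html"), Dir.children(keep)]
  end
end
```

`clean_tree` defaults to a dry run, so the list of affected files can be reviewed before anything is rewritten.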



Welcome to Dan Mayer's development blog. I primarily write about Ruby development, distributed teams, and dev/PM process. The archives go back to my first CS classes during college when I was first learning programming. I contribute to a few OSS projects and often work on my own projects. You can find my code on GitHub.

Twitter @danmayer

Github @danmayer