I got a new job (six weeks ago)

So the reason I haven’t posted here in a while is because I got a new job!

As of about six weeks ago I started working full time with Google as a Strategic Partner Manager, in the EMEA Reseller team. It’s been fun, exciting, and a lot of work and material to learn and (hopefully) master in quite a short amount of time.

If you’re curious what “Reseller” means at Google, here are a couple of links:

Finally, a disclaimer: The views and opinions I post here on my blog are mine, mine alone, and not those of my employer. I don’t (and wouldn’t presume to) speak for Google. (And no, I can’t talk about any cool new stuff that hasn’t been released. Most of the time I only find out about it when it’s released, anyway.)

It’s going to take a while before I get back to posting regularly, but I’ll eventually find the time.

Anatomy of a blog hack

While WordPress is great software, its ubiquity means that a lot of script-kiddies and general hackers like to attack it. All of the different settings, options, plugins and the rest mean that it takes quite a bit of work to balance letting people participate (through comments, postings) while keeping spammers and hackers out.

About a year and a half ago, my blog was hacked. I was notified of it by Google’s webmaster tools, and it took quite a while to go through all the different files to find the offending code and strip it out. It ended up being located in a number of different places, so it took a few go-throughs re-submitting the site to Google before the hack-detection software declared it clean.

I was always a little worried that I hadn’t gotten it all. Recently, I came across a great couple of blog posts that I highly recommend:

— — — — — — — — — — —

Files that were uploaded:
fx_akismet.php
fx_blogger.php
fx_I10n.php
fx_menu.php
fx_wp-config.php
fx_wp-db-backup.php
… and a folder of 70 html files and a javascript file meant to steal Google PageRank

All the php files were nearly identical. Here’s the code:

I don’t code in php, so I don’t really know what this says, but hopefully it might be useful to anyone afflicted by the same script.

If any of you have WordPress blogs, I highly recommend taking these same steps to see if you’ve been hacked.
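
A way to check a WordPress directory for the files listed above, as an added example that is not part of the original post. It goes one step beyond the list: besides the six listed names it also reports any other `fx_`-prefixed PHP file and any folder holding many HTML files plus a JavaScript file. The threshold of 50, the sample tree and its folder names are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

# File names exactly as listed in the post.
LISTED = {"fx_akismet.php", "fx_blogger.php", "fx_I10n.php",
          "fx_menu.php", "fx_wp-config.php", "fx_wp-db-backup.php"}
LISTED_LOWER = {n.lower() for n in LISTED}


def scan(root, html_threshold=50):
    """Walk root; return (listed, prefixed, html_dirs) as sorted path lists."""
    listed, prefixed, html_dirs = [], [], []
    for dirpath, _dirs, files in os.walk(root):
        exts = Counter()
        for name in files:
            lower = name.lower()
            exts[os.path.splitext(lower)[1]] += 1
            path = os.path.join(dirpath, name)
            if lower in LISTED_LOWER:
                listed.append(path)
            elif lower.startswith("fx_") and lower.endswith(".php"):
                # Assumption: other fx_*.php names deserve a manual look too.
                prefixed.append(path)
        # Assumption: 50 is an arbitrary cut-off; the post mentions 70 files.
        if exts[".html"] >= html_threshold and exts[".js"] >= 1:
            html_dirs.append(dirpath)
    return sorted(listed), sorted(prefixed), sorted(html_dirs)


def build_sample_tree(base):
    """Constructed sample tree (empty files) so the scan can be tried offline."""
    plugins = os.path.join(base, "wp-content", "plugins")
    pages = os.path.join(base, "wp-content", "pages")  # hypothetical folder
    os.makedirs(plugins)
    os.makedirs(pages)
    for name in ["fx_akismet.php", "fx_other.php", "akismet.php"]:
        open(os.path.join(plugins, name), "w").close()
    for i in range(70):
        open(os.path.join(pages, f"page{i}.html"), "w").close()
    open(os.path.join(pages, "redirect.js"), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for label, hits in zip(("listed", "fx_ prefix", "html folder"), scan(tmp)):
            for hit in hits:
                print(f"{label}: {hit}")
```

A hit is a prompt to open the file and compare it against a clean WordPress download, not proof of compromise.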