Run to Win was Hacked

by | Run To Win Website | 9 comments

Run to Win was hacked this evening, but I caught it in less than an hour. I have installed a completely fresh install of the latest version of WordPress, and there does not seem to have been any access to any sensitive information. The site just got defaced. If you notice anything strange over the next couple of days, please let me know so that I can make sure that I update any plugins or fix up anything that isn’t quite right. Otherwise, we seem to be chugging right along as normal.

9 Comments

  1. Vanilla
    Vanilla on August 30, 2007 at 11:54 pm

    I’m glad you caught it quickly. Why would anyone want to hack a running blog?

  2. Blaine Moore
    Blaine Moore on August 31, 2007 at 5:24 am

    Apparently because they thought they were cool. It looks like it was just some script kiddies.

  3. Wes
    Wes on August 31, 2007 at 8:37 am

    Aren’t you an IT guy? LOL. I remember when I exposed my home Linux server through the firewall. I got probed (hee, hee) every day. I’m sure most of it was automatic. Good thing you caught it so quickly!

  4. Blaine Moore
    Blaine Moore on August 31, 2007 at 9:15 am

    I am an IT guy. I gave in to the heat and shut off the computer last weekend, and planned on upgrading this weekend. I delayed just a bit too long. Such is life.

    I have an automated process that backs up the site every day, and they didn’t do anything worse than replace the home page of the site. The only thing I would have really worried about was if they put some sort of malicious software on the page for people that visit, but thankfully they did not do that.

  5. Anne
    Anne on August 31, 2007 at 10:35 am

    Do you think your blog was targeted, or just anyone using WordPress with the vulnerability? If it was just you, you should probably feel honored in some way that the kidz chose you. A warped view, I know. But it seems whenever I talked to defacement victims, there was this weird bragging beneath the protests. Maybe it was just the IT world at that time, when defacements were the rage. I know when they hit my company, we were not amused.

  6. Blaine Moore
    Blaine Moore on August 31, 2007 at 11:34 am

    I think that they were just targeting wordpress sites that were not updated with the latest security fixes. I doubt that I was targeted specifically this time.

  7. Terry (planet3rry)
    Terry (planet3rry) on August 31, 2007 at 1:22 pm

    That’s annoying… I guess that I’ll get that new update now. Thanks for the heads up!

  8. DPeach
    DPeach on September 1, 2007 at 1:08 am

    I just upgraded my sites and now there is another new release on the horizon. The upgrade is not hard, I usually wait a few days after it is announced to make sure there is not a problem. But sometimes those few days slip into weeks and I forget.

    This is a good reminder to keep things updated.

    Sorry it happened, but I am glad you did not lose anything.

  9. Blaine Moore
    Blaine Moore on September 1, 2007 at 5:59 am

    Well, I won’t install 2.3 under any circumstances; I’ll wait at least until 2.3.1…