My blog got hacked again. Only discovered it last night when I tried to post the entry about my first day (which is Sun) in Bangkok and got the damn "parse error" again. Logged into Yahoo webhost and true enough, my index.php and xmlprc.php file got edited on 4 Oct 2008. Sky happened to be online so I told him about it. Even he was surprised that my blog seemed to be getting hacked so often given that my password is really quite secure (consists of special characters, capital letters, numbers and with no proper word). The only reason he could think of is there may be some weakness in my Yahoo and/or SQL database setup and I really can’t be sure ‘cos I have no idea how the technical aspects of it work. Anyway, Sky happens to offer webhosting services too so I decided (on the spot) to switch to his.
The price he charges is very reasonable and he helped me shift my entire blog to his server. Will have to work out with him how to upload files via FTP, as well as figure out a way to shift my email adds to his server. He helped me sort out the entire migration till 4am last night. (THANK YOU!!). I sure hope he wasn’t working today. Haha.
Once everything is sorted out, I’m going to dump Yahoo for good. Though convenient (and I loved the Snapshots Backup feature), it’s getting very costly to host it with them. I got an email just 2 weeks ago saying that the price is going up by USD1 from USD11.95 to USD12.95 per month. It’s ridiculous. The biggest benefit I see about hosting with Sky is that I know him and I know I’ll be able to approach him for help. At least with a friend as a webmaster, I don’t mind telling him my password if need be, for him to help troubleshoot and then changing it to a new password thereafter so I can’t hold him liable for any subsequent security lapses either.
As it is, I already noticed a few improvements to my blog/Wordpress interface. For e.g., the "index.php" has been removed from my my pretty permalinks. (This is probably ‘cos this is now a clean installation of the latest WordPress compared to the upgrade I did on my own). Also, there’re more theme options in my WordPress admin panel. Better still, the plugins that I deleted when fixing the damn 4 Oct hack have also been added back for me. Whoopee!!
Anyway, I really hope this puts a stop to the hacking of my blog once and for all. Damn you chao hackers!
Been using WP 2.6.2 the past few days to great satisfaction. The bug on the Admin Panel Comments section got resolved too. My pretty permalink isn’t quite cosmetically perfect but that’s another issue all together. Since the index.php workaround works, I’m not very bothered.
Anyway, for those who weren’t aware, everytime you do an upgrade, you should compare your existing wp-config.php file with the new installation file which is named wp-config-sample.php. Either transfer your settings to the sample-file and rename it to wp-config.php or copy the new statements from the sample file into your current file. Don’t do a simple overwrite else your customised settings will be gone!! It’s important to compare the statements because different versions of WP may have different authentication keys / secret keys that help harden your blog again spam attackers!
Did a very quick WP upgrade to version 2.6.2… painless and so far so good.
Just a log so I remember what I’ve done…
5 Sep 08 – Blog got hacked by those damn spam injection bots again
6 Sep 08 – I realise the hack and also found out that the Secret Key for WP 2.5 & WP 2.6 is different. (Mine wasn’t updated after the upgrade).
7 Sep 08 – Finally manage to get the new Secret Key to work (something wrong with my coding on previous attempt).
7 Sep 08 night – Realised I couldn’t log into my Admin Panel. Tried everything suggested in the forums – changing mysql password, resetting Admin Panel login pwd, etc. I even went backwards and loaded my blog snapshot as of 24 Aug but still caught in endless wp-login.php loop. Gave up, posted on forum asking for help.
8 Sep 08 – Another WP user said what worked for him was disabling all plug-ins one by one… different plugins were the cause of the problem for different users. Tried & worked! My culprit plugin was the WP Automatic Upgrade plugin.
Lesson learnt? Not all blog problems can be solved in 1 day… and the forums are a GREAT help.
I wasn’t as frustrated this time as I was the last… heh… but I do note that I need to learn to be patient… that’s something I didn’t inherit from my dad unfortunately. He’s the most patient trouble-shooter I’ve seen. 😛
My blog got hacked again. Sigh.. but I managed to fix it (took me 2 days.. finally got it straightened out today). Anyway, I suspect it’s ‘cos the secret key for WP 2.5 is different from the one for 2.6 and I’m running WP 2.6 now.
For more info, do read here. I’ve also reported to yahoo webhost that the auto WP upgrade function isn’t working and they’re looking into that. They also gave some instructions on how to do a proper upgrade… no time to look at it now… but will do it soon. Meanwhile, hope my blog stays attack free.
DAMN U HACKERS & SPAM BOTS!
Good grief! I have no idea why this is happening but I got my permalinks to HALF work.
My permalinks (before the 2.6 nightmare) used to be in the format:
Then WP 2.6 came and they got all broken and nothing could fix it.
After the upgrade to 2.6.1, they still didn’t work. HOWEVER, by selecting a "Custom Structure" in my permalinks setting page and using:
I now get this:
So I get my post name as part of the URL, but there’s this "index.php" there. Anyone knows why?!?!??
Damnit! Just realised I’m going to have to set aside time to fix the damn permalinks bug because unless WP 2.6.1 comes out REALLY REALLY soon, all my previous blog entries, where I made url references to other blog entires, would now become a broken link! Grr…
tried the work around solution for the permalinks bug in WordPress 2.6 but that unfortunately didn’t work for me. the solution proper requires me to delve into the codes but i’m hesitant to open the floodgates of blogging hell. the best bet for me, perhaps, is to just wait for WP 2.6.1 to be released and hopefully the bug will be fixed then.
throat started hurting again this morning. argh. maybe it’s ‘cos i finished the course of antibiotics last night but my body hasn’t developed enough of its own to fight off the sore throat. 🙁
very sian. sigh.
Need to say thanks to David for alerting me that the Pages in my blog had broken links – happened when I got rid of the permalinks. Sigh.
I found another error too. Went to my WordPress Dashboard and saw I had 4 comments that needed moderation. However, when I clicked on the Comments section, the "Awaiting Moderation" part was blank!
Managed to get around this by going back to my Dashboard – Manage Posts and under this section, posts that have comments awaiting moderation are highlighted a darker shade.
Sigh… I hope there’s a new release of WP 2.6 soon… with all these bugs fixed!
I just went to blog hell and back. Was really happy when I found a plugin that allows an automatic update of WordPress. However, after the upgrade, I found that all my Categories went missing!
Thank God, I found the solution here. I installed the phpMyAdmin programme and managed to add back the categories as per the instructions. However, after that, all my category links didn’t work! Kept getting a "Repeat Loop" error.
I thought it was some error on my recovery steps… so I left a comment on David’s blog asking for help. He very very kindly took a look at my blog and told me that it was another WP 2.6 bug I was suffering from – the Custom Permalink weren’t working.
He also gave me the solution here. But being the WP idiot I am, I decided it was easier to just disable the Custom Permalink plugin. Heh.
OK, so most readers of my blog aren’t going to be bothered about all techie speak but I just wanted to give a summary of what happened here in case another person who’s as WP "un-inclined" as me will not have to go through blog hell too. Heh.