For an hour or two in the early hours of this morning (my time) the server that ProBlogger is hosted on was hacked by someone with a political message.
They targeted index pages on a number of sites including ProBlogger, ProBlogger’s Job Boards, Digital Photography Blog and a number of other blogs that I’m associated with.
Thank you to everyone who has emailed to let me know (I have an inbox with well over 100 emails with the word ‘hacked’ in it. I do appreciate everyones concern and offers of assistance.
Thanks to my great server guy Regan who was on the case very quickly we’re gradually coming back up online on the sites that were effected. Both PB and PBJB are now back up and running and my other blogs (including DPB) will be back to normal later in the day.
Any idea how the hacker gained access?
Not yet Mark. We’re working securing everything and getting things back up and running (it’s going to be a long day for Regan) and then we’ll do some more analysis on that type of stuff.
Darren, sorry to hear of the problems with the sites being hacked. Best of luck to you guys for getting things going without having to work too many (more) long hours. If there is a need for assistance of any kind, feel free to drop a line.
Very strange indeed. I was writing up my headline. Darren Rowse A terrorist? ;)
“Bee in his bonnet?” Do people still say that?
Haha Darren,
You’ve REALLY made it once you’re hacked.
I’m interested in what the jerkwad posted… you should put it back up and we can ridicule it horribly.
:-)
Frankly Jim it’s far better that Darren say no more that he already has.
My websites also had their index pages swapped a few weeks ago. The recovery process sure sucks. But at least im glad they didnt target other files.
[…] UPDATE: Darren has a post up on ProBlogger that explains what happened and to what extent. It would seem that there were at least three of Darren’s sites affected and that the attack was aimed at the host and not the sites in particular. […]
I’ve got a screenshot and some of the text from the site when it was still hacked if anyone is curious.
http://www.thatedeguy.com/archives/2006/08/jobsprobloggernet-has-been-hacked
Good to see everything is up and running again Darren!
I remember my first hack. We were targeted by a conference in the Netherlands last summer.
Destroyed the site. What great memories.
Glad to see you are back up and running, Darren.
If you find out how he got in, please let us know (once you’ve closed the hole) so that we can all make sure that we are also protected.
Must be the time of hacking – our blog was also targeted a few weeks ago, though in our case I suspect it was more random than someone targeting us because we were famous ;) .
It did occur to me, while spending hours fixing the problem, that I am so pleased I am the hacked and not the hacker…
Look at the bright side, now you have the word “hack” and “hacker” as content on your site, maybe Google or Technorati will pick up on it and get you even higher rankings ;).
Just a side note, if the hacker is still at large then ridiculing him/her/it would most likely make them want to do it again.
That just guarantees that script kiddies will be asking him how to hack. :)
Glad to see you back up and online!
Regards,
Doug
Glad it all worked out ok Darren.
Darren, Can your server guy , id the vectors of the attack ? it will be interesting to see how this happened. Maybe share the sec glitch , so others can zone themselves accordingly to negate risks.
any ideas what s/he meant “For the Impolite Admins … who sent me impolite MSGs ” — was this a provoked attack ?
[…] We noticed yesterday that the fellow at ProBlogger.net was hacked, and his material was replaced by some political messages. That is unfortunate, but (1) the guy obviously knows what he is doing with his blog, and (2) he (and IT administrators) got it up and running in the same day. […]
You know your website is popular when someone wants to use its traffic as a means to get their word out hehe.
I wish these people would find something more constructive to do. Think of all the productive energy wasted. I’m sure they could be making a ton of money doing something legit…
It’s just a another lame mass defacement replacing all the index files on a virtual hosting server, check Zone-H, there’s hundreds every day.
Maybe you should look into better security for your site. Email me and I could give you some ideas…
[…] Also, I wonder, for a guy like Jeremy who has large reader base, if this wouldn’t be awesome link bait for him? If he put up such an page by himself he’d be sure that someone would blog about it, and thereby get a bunch of links… It happened to Problogger not long ago and Darren got some links out of it. […]