TL;DR : I got hacked. Fixed it quick. Got cool new toys from the hacker in the process.<\/p>\n
So…<\/p>\n
One of the pages I hosted for some friends (a Cub Scout pack page that had long since expired…) had an unsecured file. Total oversight, it was an old version of WordPress and it left a password in plain text, for a user that had superuser mysql rights. That account was compromised, and that compromised the entire mysql db, obviously. So, I took down wordpress on this page to allow for cleanup. I am planning on moving this page to AWS in the very near future, but I just hadn’t gotten around to it.<\/p>\n
Back in November, someone did a clever scan, and found it. \u00a0Clever, becaus ethe site isn’t even running. \u00a0The DN had long since expired with the registrar. I guess they got the IP from an old cache page or something.<\/p>\n
They were sending out phishing scams for itunes.fr for a few hours. I shut it down, but in the process, found that the hacker had uploaded their hacking toolkit. So, long story short, I got some cool tools that I never would have found on my own to security test. Now I can run them against my servers and feel fairly confident that all my shit is squared away. And maybe have some fun at someone else’s expense \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"
TL;DR : I got hacked. Fixed it quick. Got cool new toys from the hacker in the process. So… One of the pages I hosted for some friends (a Cub Scout pack page that had long since expired…) had an unsecured file. Total oversight, it was an old version of WordPress and it left a … Continue reading Hacked, but just a little…<\/span>