Zen Habits spammed

Hey guys, just a short note and an apology to any blogs who’ve been spammed with Zen Habits (and other) links at the bottom of their html code. I didn’t do it, I promise. Somehow my WP install was exploited and some spammers got some files onto my server. It’s being fixed.

My apologies if your blog was spammed through Zen Habits. It really makes me wonder if these sites actually make more money from doing dumb things like this, and if they feel good about that. Money isn’t everything.

Comments (31)

mark @ mytropicalescape Says:

April 9th, 2008, 21:16 pm

Leo - thanks for the update! If you have a chance can you let us know what security flaw they exposed?

David Zemens - 1955 Design Says:

April 9th, 2008, 21:18 pm

Any idea how your WordPress site was compromised? We would love to know.

skyz Says:

April 9th, 2008, 21:20 pm

powerless people like to cause grief - it is the downside of the internet - no one blames you -

Leo Says:

April 9th, 2008, 21:26 pm

I’ll post an update in these comments later, when my tech guy sorts it all out, but from what I can tell it was an exploit of one of my plugins. We’re going to upgrade WP to 2.5 (which is awesome btw) and install the plugins from scratch. I’m not a technical guy, so I can’t really explain much more until I have it explained to me. :)

David Zemens - 1955 Design Says:

April 9th, 2008, 21:31 pm

Thanks for the update - we will all be curious about the details once you know them.

Corey - Simple Marriage Project Says:

April 9th, 2008, 21:41 pm

No worries Leo.

Israel Lagares Says:

April 9th, 2008, 21:50 pm

hmm, not cool. Let us know. I upgraded a blog to 2.5 and it takes some getting used to, but it is cool.

Tad Says:

April 9th, 2008, 21:53 pm

Leo,

No worries! Looking forward to hearing from you soon.

Tad
http://growingintoyou.com/

Chris Says:

April 9th, 2008, 22:06 pm

Being used and exploited always leaves a bad taste in the mouth, especially when the goal (money) seems so pointless. However, it is a learning point to always stay onrev with software. The bad guys are always a step ahead but it doesn’t hurt to be level with everyone else.

Btw, the source code for your site is still *massively* listing spam sites and keywords. You might want to consider just wiping the site and restoring from backups. Cleaning would be messy, though removing all references to kef_media (remove the underscore) in the db would make it easier.

Laurie Says:

April 9th, 2008, 22:19 pm

I’m glad to see you’re on top of things Leo! Thanks for the info.

Evan Says:

April 9th, 2008, 23:38 pm

I believe there were some security problems found in earlier versions of WP that were fixed in version 2.5, so it might pay to go to the WP site and have a hunt around.

I read this on another feed - http://tinyurl.com/6anu8j - but I just went and upgraded my wife’s blog, didn’t go look into detail.

tom Says:

April 10th, 2008, 0:07 am

hi leo,

i have the same thing on my site so any information would be appreciated.

thanks,
tom

Mike Smith Says:

April 10th, 2008, 2:12 am

Misery Loves Company - I guess it applies here as well. A lot of people like this online it seems like.

Oh, and CONGRATS on getting over 50K subscribers!

Fraser Cain Says:

April 10th, 2008, 2:51 am

Hey Leo, it’s been happening to a bunch of people. Edit your footer.php to remove the spam links (they’re still there), and then chmod all the PHP files to 644 to prevent them from being edited.
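Fraser’s two steps (strip the injected links out of footer.php, then make the PHP files non-writable) are easier to verify with a quick scan. The script below is an added example, not code from this post or from WordPress: it walks a tree of *.php files and flags hidden link blocks, 1x1 iframes and files writable by group or other; the footer content and the spam-example.invalid host are constructed for the example.

```python
import re
import stat
import tempfile
from pathlib import Path

# Constructed sample content (not from zenhabits.net): a clean footer, and the same footer with a hidden spam block appended.
CLEAN_FOOTER = '<div id="footer"><p>&copy; 2008 Example Blog</p></div>\n<?php wp_footer(); ?>\n</body></html>\n'
INJECTED_FOOTER = CLEAN_FOOTER + (
    '<div style="display:none">\n'
    '<a href="http://spam-example.invalid/cards">free credit card offers</a>\n'
    '<a href="http://spam-example.invalid/pills">cheap pills</a>\n'
    '</div>\n'
    '<iframe src="http://spam-example.invalid/x.html" width="1" height="1"></iframe>\n'
)

# A <div> hidden with display:none, an outbound link inside it, and an iframe sized 0 or 1 px.
HIDDEN_DIV = re.compile(r'<div[^>]*style="[^"]*display\s*:\s*none[^"]*"[^>]*>(.*?)</div>', re.I | re.S)
EXT_LINK = re.compile(r'<a\s[^>]*href="(https?://[^"]+)"', re.I)
TINY_IFRAME = re.compile(r'<iframe\b[^>]*\b(?:width|height)="?[01]["\s/>]', re.I)

def scan_file(path):
    """Return findings for one PHP file; an empty list means nothing suspicious."""
    path = Path(path)
    text = path.read_text(errors="replace")
    findings = []
    for block in HIDDEN_DIV.finditer(text):
        links = EXT_LINK.findall(block.group(1))
        if links:
            findings.append(f"hidden div with {len(links)} outbound link(s), e.g. {links[0]}")
    if TINY_IFRAME.search(text):
        findings.append("1x1 iframe")
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & 0o022:  # group- or world-writable: other accounts on the host could edit it
        findings.append(f"writable by group/other (mode {mode:o}); expected 644")
    return findings

def scan_tree(root):
    """Map relative path -> findings for every flagged *.php file under root."""
    root = Path(root)
    hits = ((p.relative_to(root).as_posix(), scan_file(p)) for p in sorted(root.rglob("*.php")))
    return {name: found for name, found in hits if found}

def demo():
    """Build a tiny constructed WordPress tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, bad = Path(tmp, "index.php"), Path(tmp, "wp-content", "themes", "example", "footer.php")
        bad.parent.mkdir(parents=True)
        clean.write_text(CLEAN_FOOTER); clean.chmod(0o644)
        bad.write_text(INJECTED_FOOTER); bad.chmod(0o664)
        return scan_tree(tmp)
```

Run `scan_tree("/path/to/wordpress")` against a real install after cleaning; any file that still shows up is one the cleanup missed.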

Mark Avey Says:

April 10th, 2008, 5:18 am

I know the feeling. I also got hammered recently.

Hope you don’t mind me mentioning it, but only yesterday I posted details about how you can spot if you’ve been hacked in this way at http://www.psionmark.com/wordpress/the-great-wordpress-attack/

Cheers,

Mark

stockdam Says:

April 10th, 2008, 8:49 am

There’s nothing constructive in being destructive.

There are those who use their talents as best they can to make life better and those who just want to cause problems.

Keep on truckin

Mark Says:

April 10th, 2008, 9:49 am

From what I can tell from the WordPress bug tracker, 2.5 doesn’t have any security fixes. However there are known exploits for some older versions, so if you’re not running WordPress 2.5 then you should be running 2.0.11 or 2.3.3. The 2.0.x & 2.3.x branches are still supported (well 2.0.x is, not entirely sure about 2.3.x) and those are the most current versions for each of them.

Daniel | Winning Everyone Says:

April 10th, 2008, 13:08 pm

Wordpress 2.5 is an easy upgrade and took me not more than 15 to 20 minutes to figure out what I am doing and how to use the latest edition of wp 2.5 :)

Don’t worry. Most plugins (or maybe for those that I’m using) are already ready for wp 2.5 and can run immediately upon your upgrade.

Congrats on your breakthrough of 52k subscribers!

erin Says:

April 10th, 2008, 14:17 pm

is this why i keep having trouble accessing your site?

Thomas Palmer Says:

April 10th, 2008, 18:58 pm

It sounds like you left your install files on the server and didn’t delete them when you were done. Ouch, though I’m glad you were able to fix it.

Leo Says:

April 10th, 2008, 20:59 pm

Well, it looks like things are fixed now. Cross my fingers.

I didn’t do any of it, so I have to plead ignorance here. But my tech guy, the fabulous Ryan of Australia, did an install of WP 2.5 (which, again, I love!) and installed my plugins from scratch I think. He also deleted the spam links from my html. I’m guessing that things will be more secure now, as 2.5 is much more secure than older versions as far as I know.

I wish I could give more info, but I’m not sure what the exploit was. One person mentioned that it was the “optimal-title” plugin — I had a plugin with a similar name but an extra “l” in the name, and it was compromised. I’m not sure if that’s the case, but it might be.

Thanks for all the kind words, my friends! Man, WP 2.5 is nice! :)

Piankeshaw Says:

April 10th, 2008, 21:29 pm

Hey!! I have noted in previous blogs that you state that you are a devoted Mac user. OS X is one of the most insecure operating systems out there. I would recommend Ubuntu, which is a Linux distro. Ubuntu is absolutely free and is much better than Windows or OS X. It also has a great collaborative philosophy that is in sync with Zen Habits. Check it out at http://www.ubuntu.com. I’ve been Microsoft-free for years and better for it.

Chris Says:

April 10th, 2008, 21:33 pm

@Piankeshaw - not to derail this but OSX itself is not really any less secure than Linux itself, let alone the various distributions of Linux like Ubuntu or Redhat. They all have security issues and bugs with varying response times to fix it. OSX is also built upon the Darwin core, which is an open source licensed BSD/Mach relative.

Scott W. Says:

April 11th, 2008, 0:38 am

@Piankeshaw - I also use Ubuntu :) It works really well, and I do agree that it does sync well with this site.

But I disagree with you saying that OS X is a very insecure system.

I read an article at one point in time that said an OS being Windows or OS X or Linux alone does not decide if it’s a secure OS. This makes perfect sense. Although I do agree that the open source idea does provide more security, there isn’t any evidence that suggests it’s more secure.

If a statistic were to say Windows was less secure than OS X or Linux, I would say “Why do you think this?”. If the response was anything related to the number of viruses that windows is infected with compared to the number of viruses that linux or OS X is infected with, I would give that person a hit on the head.

The problem with that statistic is that it doesn’t say Windows is more vulnerable, it says that it has MANY MANY more enemies than Linux or OS X.

The number of viruses for Windows is MUCH higher than the number of viruses written for Linux.

If the numbers for those two were about even would the statistic change? No doubt.

dk Says:

April 11th, 2008, 0:59 am

Hey Leo,
I have never seen your site before amazingly. It was worth getting my site hacked with the links to your site just to find it! :)

As most of you know, the real underlying problem I believe was that both Leo and myself had not updated our wordpress install to 2.5.

Much Love,
dk

Leo Says:

April 11th, 2008, 2:50 am

@piankeshaw: The site isn’t hosted on OSX … it’s hosted on a linux distro.

Brian C. Says:

April 11th, 2008, 9:56 am

This may also be relevant, as this can cause you to be de-listed from Google. http://bokardo.com/archives/you-didnt-come-here-from-google/

Johannes Says:

April 11th, 2008, 10:13 am

What a strange coincidence. Just yesterday I thumbed through the latest Symantec internet security threat report and found the following note:

In the Asia Pacific/Japan (APJ) region, Guam was the highest ranked country for malicious activity per broadband subscriber, with 39 percent.

So you seem to live on dangerous territory, Leo.

jim Says:

April 11th, 2008, 14:42 pm

leo - don’t know if you’re aware of this but there are a bunch of iframed pages on zenhabits that are in the index for unrelated terms.

zenhabits.net/index.php?p=free-credit-card-offers

Piankeshaw Says:

April 12th, 2008, 9:01 am

I was basing my comments on a recent hacking contest where it took 2 minutes to hack into a laptop with OS X and the Ubuntu laptop took 3 days to hack into and was the last one standing. link: http://www.pocket-lint.co.uk/news/news.phtml/13702/14726/Ubuntu-laptops-wins-hacking-contest.phtml

Ken Girard Says:

April 16th, 2008, 13:23 pm

Which is more secure: A house with a hundred unlocked windows, or just one?
How many windows does the burglar need to open to get in? Just one.
