Lessons from the WordPress Worm

After reading the news about the WordPress hacking attacks on Andy Ihnatko, Robert Scoble and others, I spent more time than usual cleaning up my hosted account and trying to figure out if I were one of the folks John Gruber had in mind when he questioned the wisdom of amateur system administrators running their own WordPress installations.

I’m pretty good about keeping my primary sites updated, particularly now that WordPress makes it so much easier to install the newest versions. I did have three or four installations that I had set up for various test purposes over time that weren’t up-to-date. There was no obvious indication that any of them had been compromised, but just to be safe, I exported the data, and then implemented the ‘nuke from orbit’ sanction.

That led me into the logs for my account, which scared the daylights out of me. The log files are filled with strange entities trying to run scripts, execute PHP code and access a whole host of other stuff that I have no idea what it’s doing. I can’t find any evidence that any of this is actually working, but my Linux and Apache knowledge is so limited that I can’t really be sure. I’ve always liked the freedom provided by Fantastico and Simple Scripts to just stick a new blog, CMS, or some other piece of software up, just to try it out. I’m getting the sinking feeling that maybe the ability to so easily install software might have a dark side that needs to be addressed.
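The question the logs raise is not whether probes are arriving (they always are) but which of them reached something that actually answered. One way to make that distinction is to group Apache access-log entries by client address, treat a client that piles up 4xx errors as a scanner, and then list the requests from that client that were served with a 2xx. Those are the URLs worth checking, because they tell you which installations on the account were found and reached. The script below is an added illustration written for this post, not the author's own tooling or anything from WordPress; the log lines in it are constructed samples in Apache's combined format, and the three-error threshold is an arbitrary heuristic.

```python
"""Triage an Apache access log for scanner-style probing (added example).

Constructed sample lines stand in for a real hosted-account log. The heuristic
(a client with several 4xx responses is a scanner; its 2xx hits are the
interesting ones) is an illustration, not a WordPress or Apache feature.
"""
import re
from collections import defaultdict

# Apache "combined" log format: ip ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample: one host sweeps for wp-admin/ under guessed directories and
# finds a forgotten test install; another host is an ordinary reader.
SAMPLE_LOG = """\
203.0.113.9 - - [10/Sep/2009:12:00:01 -0700] "GET /wp-login.php HTTP/1.1" 200 1320 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Sep/2009:12:00:02 -0700] "GET /test1/wp-admin/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Sep/2009:12:00:03 -0700] "GET /test2/wp-admin/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Sep/2009:12:00:04 -0700] "GET /blog/wp-admin/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Sep/2009:12:00:05 -0700] "GET /oldblog/wp-admin/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Sep/2009:12:01:00 -0700] "GET /2009/09/lessons-from-the-wordpress-worm/ HTTP/1.1" 200 9876 "http://example.com/" "Mozilla/5.0"
198.51.100.7 - - [10/Sep/2009:12:01:05 -0700] "GET /wp-content/themes/default/style.css HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def triage(lines, min_errors=3):
    """Map each scanner-like client IP to the paths it was actually served (2xx).

    A client is scanner-like when it produced at least `min_errors` 4xx responses;
    the threshold is an assumption for the example, tune it to your own traffic.
    """
    per_host = defaultdict(lambda: {"errors": 0, "hits": []})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line (rotated header, truncated write): skip it
        host = per_host[rec["ip"]]
        if 400 <= rec["status"] < 500:
            host["errors"] += 1
        elif 200 <= rec["status"] < 300:
            host["hits"].append(rec["path"])
    return {ip: h["hits"] for ip, h in per_host.items() if h["errors"] >= min_errors}


if __name__ == "__main__":
    for ip, hits in triage(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} probed and was served:")
        for path in hits:
            print(f"  {path}")
```

In the sample, the scanner collects three 404s guessing directory names and then gets a 200 for `/oldblog/wp-admin/`, which is exactly the kind of forgotten test installation described above: something that answers on the account and so needs to be either kept current or removed. The 200 for `/wp-login.php` is only the login page being served, which is normal, but it confirms the scanner knows where the main install lives. Run the script against a real log with `triage(open("access.log").readlines())`.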

It may be time for coffee with John Drummond and a little tutorial about what constitutes responsible administration for a hosted account.
