Have I been hacked?

Today I was notified by Google that they took one of my blog pages off their index. The reason was that this entry contained some hidden content which referred to suspicious sites about ViAgrA, whatever that is ;-). I cleaned this up quickly, and checked the database for more such stuff, but it seems only one blog entry was affected.

But this leaves me slightly nervous. This was not the usual spam comment. It was a modified blog entry. I wonder how that could happen. I usually keep my system up-to-date with regard to security patches (it’s a Debian box), have rkhunter and other tools running in cron jobs, etc. How is it possible that somebody sneaks in content in a blog post (XSS attack?)? The only thing I can think of is that there has been a vulnerability in WordPress, and it got passed in during the time window until I updated the box (every couple of days usually). I’m still worried. If anybody has some hints what might have happened, and how I can be sure there’s no other weird things going on my box, please comment.


About Roman Kennke
JVM Hacker, Principal Software Engineer at Red Hat's OpenJDK team, Shenandoah GC project lead, Java Champion

One Response to Have I been hacked?

  1. I had a similar thing a few months back. Still not sure of why, I’m in a very similar situation (updated Debian box with WordPress etc.) Looks like someone is attacking Planet Classpath blogs!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: