Update – As I look back over this article from almost a year ago, it is amazing how many SQL injection hacks I have had to clean up. I believe I was somewhat fortunate in the early days because I use tough passwords and generally keep my sites updated with the latest WordPress version and plugin updates. Since this article, I’ve significantly increased my security precautions not just on my website but on every client website I work on. The hackers never stop trying new things and finding new ways to break it, so it is very important for developers to help their clients stay up to speed if not just ahead of the hackers. Looking back 11 months, I can’t help but wonder how much more secure I’m going to have to get in the next year.
Today, I stumbled across a mess on an important client website. My own!
My site had been hacked with a technique known as SQL injection, which in basic terms means that someone gained access to my database that holds all my content and made a ripe old (but slightly secret) mess of things.
It inflated the size of my database files to over 240 MB for one thing.
It also created other non-approved admins for my site.
The cleanup has been long and tedious both here at Softduit.com and on a deeper directory for Maven Mapper’s Information.
The only casualties in this event so far have been my widgets (which I neglected to back up) and my images on Softduit. Fortunately, my images on Maven Mapper’s Information were not lost, as they were stored somewhere else.
So if you happened to come by today and things didn’t look quite right, there’s your answer.
The bulk of the site is fixed at this point. Restoring images is going to take a lot more work, and in the process, I might just reboot the whole site anyway, as it was close to needing a makeover regardless.