Defaced à la Türkiye

If you wondered why the recent and sudden silence: One of the websites I host – the DAAD Freundeskreis Düsseldorf – and my personal website entry page were defaced by some Turkish script kiddie. My university’s International Office sent an email asking whether the address had changed, which is how I found out that something was wrong. The hacker probably used remote file inclusion to deface the sites, but since the Freundeskreis website was running on an old Mambo 4.5.2 installation I hadn’t touched for …quite a while, the method used might as well have been a SQL injection or a combination of both. IANAH. I upgraded the CMS to the latest stable Joomla version, turned off register_globals and now I’m trying to get my ISP to use suPHP. Recovering data, changing passwords, upgrading the software and reconstructing everything took me eight hours, plus several days to check whether everything was really OK. This WordPress install was untouched; luckily it’s upgraded to the last stable, sits in a subfolder and uses another database anyway.

The hacker left his email address on the root page, but he didn’t write back. Too bad, could have made for an intriguing exchange.
