In the last few months I haven’t published even a single post to this blog. When I revisited my blog after a while I was quite surprised to see it “hacked by ShiRaz09”. A strangely designed page with Arabic letters (maybe some important phrases, but who knows? Can’t read them..) and Arabic music as well appeared in my browser when I opened my blog. After a quick lookup I found out they had just changed some theme files and changed the admin’s email address.
Performing a quick Google search I was glad to see that I am by far not the only one who happened to be visited by those shiraz-guys. I guess my fault was not to update to the latest version immediately, but nevertheless I didn’t make an effort to trace how “ShiRaz09” came in. Changing the theme brought back my blog with all its contents, but I had no chance to tell which other files had been modified. I was sure they had put a backdoor somewhere. Because of this I chose to take a full backup and then I removed both the software and the database from my server. Now, after reinstalling WordPress in the latest version and reconfiguring everything, I am still missing some plugins of my old blog and, of course, all the posts I made.
I decided that I won’t bring back all posts, but filter them and completely rewrite some of them. Besides, I’m going to install some kind of IDS that alerts me when the files on disk are modified, so that I don’t need to relaunch my whole blog every time some people start to automatically use zero-day exploits on thousands of WordPress blogs. And, of course, I need to update to the latest version as soon as it comes out.
Thomas
[...] I wrote in my post “New beginning” I need to track changes made to files on my webserver. When “Shiraz” hacked my [...]