Haxx, Upgrades, and Server Issues, Oh My

Posted by 0rion on July 23rd, 2009 - 10:55 pm

Mmm, my favorite.

Yes, it’s true. Not only has Epic Win had some painful issues with our server host the last few weeks, we also got h4xx0red. And to top it all off Guff has abandoned me again and flown back to Japan.

Not to fear, though. I was able to identify the source of the problem and everything’s been cleaned out thoroughly. I Satchii blasted them all.

Apparently it’s actually been affecting a number of WordPress sites recently, so fellow webmasters may want to read up on the following and take note in case you run into this on one of your sites.

Basically, after a lot of poring through log files and researching, it actually turned out to be a trojan known by the moniker “Koobface” that infected one of the computers I use to access Epic Win from.

This trojan apparently activates when it detects an FTP client program firing up, and it captures the login credentials for the site. Malicious scripts are then added into a couple of WordPress files to cause them to open a 1 x 1 pixel iframe that tries to direct the browser to a malware site, in this case a domain called “updatedate.cn” (Warning: Don’t go there!).

Although a pain in the ass to track down, ultimately it was pretty simple to clear out once I was able to identify how the account had been compromised. A thorough cleaning of the infected computer removed the trojan, and then I just needed to reinstall WordPress and change my passwords.
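For webmasters who want to check their own files for the kind of injection described above, here is an added example (not code from this post or from WordPress) that walks a site directory and reports iframes that are hidden or 1 x 1 pixel in size. The file names, the `.example` domains and the sample file contents are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
HIDDEN_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.IGNORECASE)
SCAN_SUFFIXES = {".php", ".html", ".htm", ".js"}

def dimension(tag, name):
    """Pixel value of width/height taken from an attribute or inline style, else None."""
    m = re.search(rf"\b{name}\s*[=:]\s*[\"']?\s*(\d+)", tag, re.IGNORECASE)
    return int(m.group(1)) if m else None

def suspicious_iframes(text, max_px=1):
    """Yield the src of each iframe that is hidden or at most max_px on both sides."""
    for tag in IFRAME_RE.findall(text):
        w, h = dimension(tag, "width"), dimension(tag, "height")
        tiny = w is not None and h is not None and w <= max_px and h <= max_px
        if tiny or HIDDEN_RE.search(tag):
            src = SRC_RE.search(tag)
            yield src.group(1) if src else "(no src)"

def scan_tree(root):
    """Map each scanned file (path relative to root) to its suspicious iframe sources."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            hits = list(suspicious_iframes(path.read_text(errors="replace")))
            if hits:
                findings[str(path.relative_to(root))] = hits
    return findings

def demo():
    """Scan a constructed two-file tree: one injected file, one legitimate embed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_text(  # constructed injected file
            '<?php get_header(); ?>\n'
            '<iframe src="http://malware.example/in.php" width=1 height=1 '
            'style="visibility: hidden"></iframe>\n')
        (root / "page.php").write_text(  # constructed normal video embed
            '<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>\n')
        return scan_tree(root)

if __name__ == "__main__":
    for name, sources in demo().items():
        print(name, sources)
```

To scan a real install, call `scan_tree()` on a downloaded copy of the site directory. A hit means the file should be compared against a clean copy, since a match on its own does not prove infection.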

Uguu~. -_-

Anyway, I apologize for the lack of updates this month. Between the hack and some problems I was having with the web host, I was putting all my spare time into dealing with that and didn’t have the energy to really post anything.

At any rate, I’ve still got a ton of cool pictures from Anime Expo 2009, as well as a bunch of half written reviews and other stuff in the works, so hopefully I’ll be able to make up for the slow month with some good quality posts here in the next week or so.

Sheesh, never a dull moment on teh intarwebs. Oh well, at least I got a good excuse to post some Dennou Coil and Serial Experiments Lain pics. :)


3 responses to “Haxx, Upgrades, and Server Issues, Oh My”

24 07 2009
Nekonron MALAYSIA (01:17:23) :

I had that exact same trojan in one of my sites just yesterday and Google marked it as an attack site. Luckily my host managed to get rid of it for me and that the trojan didn’t come from me so all my other sites are safe :D

24 07 2009
Martin UNITED KINGDOM (10:26:49) :

Hmm…I run spyware checks regularly and have a firewall installed, but I’m still a bit concerned about this one. Presumably there’ll be a security update from Wordpress if it turns out to be a common issue, but is there anything I should be looking out for on my server or home PC? Needless to say I’ll do another backup of my database this weekend, just to be on the safe side.

Good to know you’re still alive and kicking, though. Lain pics are always good. ^_^

And Guff’s gone back over to Japan? Lucky bugger. I was only there for a fortnight but still miss the place now!

29 07 2009
Brutain UNITED STATES (10:52:48) :

Awesome detective work. GJ
