Blog hacked – returns from the dead


I discovered it through a post on Friendfeed (one of the rare times that I checked my FF page) – it showed that a new post had been posted on my blog, with the title “Hello World”. It’s not a good feeling to suddenly see that something has been posted on your blog, without your control. When I loaded my blog, I saw that it had been entirely wiped out, and what was there instead was a brand new install of WordPress, with a blog called Busty, and one post saying only “Hello World”… I had been hacked.

I still am not quite sure how this happened. I am assuming it happened through some weakness in WordPress, since only my blog was affected of all the different content I host on my site; however, I was running a fairly recent version of WP. In any case, the database holding all of my WP blog posts was completely hosed. For the longest time I hoped that my host Site5.com would be able to restore the site from backups, but on my cheap plan, they only do one daily backup, and I discovered it too late – the backup from yesterday was already overwritten…

Of course, I ought to have had a backup myself, but I had been very lax. In fact, I thought I had a backup lying around somewhere, but could not find it. So what to do? Well, after some messing around, I managed to restore almost all the old posts using a Ruby script that parsed my old blog post pages through Google Cache. It worked surprisingly well, and I will do a separate post about how I did it. The most important thing, however, is that almost all of my posts should be back in place, at the same URLs as before (if you find any broken links etc, please let me know). Most of the comments should also be preserved, because I used Intense Debate.

To me, it’s certainly a reminder to be much more vigilant about security, and backups. It’s also a neat example of how “the cloud” can inadvertently function as a backup. I wouldn’t rely on it entirely, and it was a major pain to revert from HTML back into structured data for the database, but it’s incredible that it was even possible.

Happy New Year, all!
Stian


4 Responses to “Blog hacked – returns from the dead”

  1. Random Stuff that Matters » Blog Archive » How to restore your hacked WordPress database from Google Cache through Ruby
    January 11th, 2009 @ 11:25 pm

    [...] my website got hacked, and I lost my entire WordPress database. I realized that I could find most of the information [...]

  2. bwb
    January 12th, 2009 @ 6:04 am

    Glad to hear it, we are going to be adding a lot in 2009 to improve our services and that already started when we took over Site5 in late October!

  3. Ben
    January 12th, 2009 @ 8:05 am

    We are slowly rolling out a new backup system the last two weeks and over the next weeks that will have multiple restore points. Later we are hoping to let users have access to these backups directly instead of going through support as well.

  4. houshuang
    January 12th, 2009 @ 12:14 pm

    Haha, just too late for me :) But that sounds great. Thanks for letting me know. I've otherwise been very happy with Site5's service.
