Nearly Hacked

So, apparently my blog underwent a minor attack last night. I woke up this morning to an email saying that my new blog had been set up at shamuswrites.com. Now this sent a slight cold chill down my back, since I clearly already have a blog here. The email gave the typical administrative username, but what really made my blood run cold was the next part that read, “Password: Inherited.” I checked the site, and sure enough, what I saw was the initial setup screen that asks for the name of your new blog and an email address for the administrator. Not good. Not good at all.

My next step, then, was to log in to phpMyAdmin and double-check the database for my blog. All the tables were present and accounted for, and the sizes looked about like they should for 4.5 years of blogging. So, I backed up the database real quick and then repaired all tables (since I’ve had problems with a table breaking in the past and messing up my blog). After that, everything came back to working order again, which is a huge relief.

My theory is that someone tried to access the install.php file, probably by a roundabout means, in an attempt to either access my site or corrupt it irreparably. The attempt clearly failed, but it did nearly cause me a minor heart attack. I’ve since deleted both the install.php and upgrade.php files, just to prevent this sort of thing from happening again. In theory, not deleting them shouldn’t cause any harm, since accessing them after an install or an upgrade generally only returns a message saying you’ve already done that, but I also wouldn’t be at all surprised if hackers have found ways to exploit those files for their own amusement. I’ll likely make a point of backing up all my DBs on a more regular basis now (especially since SSH makes it so darn fast and easy to do), just to make sure that if I do get hacked at some point in the future, it will be an easy task to return things to a general state of order again.
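One way to test the theory above against the web server's access log, as an added example that is not part of the original post: it lists the clients that requested install.php or upgrade.php and whether the server actually served the file. The combined log format, the request paths and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Setup scripts named in the post; where they live on the site is assumed.
SETUP_SCRIPTS = ("install.php", "upgrade.php")

# Apache/nginx "combined" log format (assumed; adjust for your server).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:03:14:07 +0000] "GET /install.php HTTP/1.1" 200 2311 "-" "-"
203.0.113.7 - - [01/Jan/2024:03:14:09 +0000] "POST /install.php?step=1 HTTP/1.1" 200 1840 "-" "-"
198.51.100.23 - - [01/Jan/2024:08:02:51 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2024:08:03:10 +0000] "GET /upgrade.php HTTP/1.1" 404 312 "-" "Mozilla/5.0"
192.0.2.50 - - [01/Jan/2024:09:00:00 +0000] "GET /?p=install.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""


def setup_script_hits(log_text):
    """Return {ip: [(timestamp, method, path, status), ...]} for requests
    whose path (query string ignored) ends in one of SETUP_SCRIPTS."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["target"].split("?", 1)[0]
        if path.rsplit("/", 1)[-1].lower() in SETUP_SCRIPTS:
            hits[m["ip"]].append((m["ts"], m["method"], path, int(m["status"])))
    return dict(hits)


def served_to(hits):
    """IPs that received a 2xx, meaning the script still exists and was served
    (a 404 means it has been deleted or was never at that path)."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(200 <= status < 300 for *_, status in reqs))


if __name__ == "__main__":
    found = setup_script_hits(SAMPLE_LOG)
    for ip, reqs in found.items():
        for ts, method, path, status in reqs:
            print(f"{ts}  {ip}  {method} {path} -> {status}")
    print("served to:", served_to(found))
```

Once the files are deleted, every matching request should show a 404; a 2xx after that point means a copy of the script is still reachable somewhere on the site.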

4 thoughts on “Nearly Hacked”

  1. HOW SCARYYYY IT IS…DAMN THOSE HACKERS. Lucky it’s a failed attempt (like jayne said). Anyhow, thanks for sharing it with us, at least I’ll be more cautious and always back up all my DB files.
