As a lovely holiday surprise, a spammer hijacked this hosting account early this morning, triggering lock-down and suspension of my service.
The Exploit: An abandoned (and hence not upgraded) install of WordPress.
This place is now a mess, as none of my PHP pages/scripts are trustworthy anymore. So several of my PHP-driven web sites are partially or completely down: BedlamFaction.com, LifeKnives.com & FirstThursday.info.
Uh.
Thank god my own site (this one) is running in Ruby on Rails.
The Moral: Always remove unused scripts from your webserver's document root.
Leave a Reply