When someone hacked into my website last week I took the lazy approach. I didn’t bother looking through my log files to see how they managed to hack in. I just assumed that the hacker had gotten in through a security hole in Wordpress. I dealt with the problem as such. I deleted all of the files that had been changed and I updated to the latest version of Wordpress that included a number of security fixes.I was happy. I had fixed a major problem in a very small amount of time. Or so I thought at the time.
Yesterday, I got an email from my server’s host informing me that there was malware on my website, and that I had 24 hours to remove it before they shut down my website. This time I took a more thorough approach. I put my website temporarily offline, and began to sift through all of my log files. I narrowed the problem down to a certain page in the gaming system that I run on this website, and I began to google for details. After a few minutes, I realized that there was a major security hole in the gaming system that allows someone to take control of my entire server. Luckily, the hacker didn’t seem to know entirely what he was doing, so the damage had been minimal.

Right now, the damage is mostly fixed, and I’m going to take a break. I’m sorry for any problems that this caused any of you. I’ll post more about this later.