At 9:45am this morning, hackers broke into Hot Topic’s WordPress installation and wreaked havoc. I’ve wasted a whole morning trying to put things right — and we’re slowly getting there. It will take a while to get the look and feel back to normal, and I’m sorry to say that we’ve lost all comments made since my last database backup (yesterday morning). I do have email copies of those, so if anyone wants their words of wisdom restored, let me know. Registered users should change their passwords by logging in and clicking on their name to access their profile.
[Update: Getting there… slowly…]
[Update2 5pm: I think everything’s now cleaned up.]
Perhaps it was this that upset them?
Weathering the storm of stupidity – climate change deniers arm themselves with ignorance and fight bravely against science
http://www.salon.com/news/global_warming/index.html?story=/opinion/feature/2009/12/16/stupidity
The mystery hack… No emails stolen (they’re not on the HT server), but they might have escaped with a copy of the PDF edition of the book. I hope they read it! All seems to be working properly now, but if you find anything that’s not behaving as expected, let me know. Got to get on with some real work now…
Judging by the lurid front page I saw earlier today, they were just trying to prove a point. As to what point that would be, I’m mystified.
Any server log info worth sharing? Be fun to try to find out who’s behind it…
Here’s one of the entries I presume to be from the hacker:
78.93.92.231 - - [18/Dec/2009:09:41:54 +1300] "GET /wp-admin/theme-editor.php HTTP/1.1" 500 1190 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ar; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2"
Someone logged in to an existing user, somehow gave that user an admin role, and then started fiddling with the install. In this case, they edited the theme files to deliver the front page, and – I think – give lots of hits to someone. If you want to see that code, I can send you the file…
The false login was with the email address “AI7@HoTMaIL.CoM”, and the page was littered with mailto: uae-hackerz@live.com.
Let me know if you find anything…
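As an added example (not code from the thread, the site, or WordPress itself): a short Python parser for combined-format access logs that flags requests to WordPress's built-in theme and plugin editors from addresses that are not known admin machines, which is the kind of entry quoted above. The first sample line is the real entry from the comment; the remaining lines, the example.test hostname and the 203.0.113.7 "site owner" address are constructed for this example.

```python
import re
from collections import Counter

# Regex for the Apache/nginx "combined" log format, which is the format of
# the entry quoted in the thread.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# WordPress ships two in-browser file editors. A request to either one means
# an account with the administrator role is rewriting PHP files on disk, which
# is how the theme files on this site were changed.
EDITOR_PATHS = ("/wp-admin/theme-editor.php", "/wp-admin/plugin-editor.php")


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Drop any query string so "/wp-admin/theme-editor.php?file=..." still matches.
    rec["path"] = rec["path"].split("?", 1)[0]
    return rec


def find_editor_hits(lines, trusted_ips=frozenset()):
    """Return every request to the WordPress file editors from an IP not in trusted_ips."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than crash mid-log
        if rec["path"] in EDITOR_PATHS and rec["ip"] not in trusted_ips:
            hits.append({k: rec[k] for k in ("ip", "time", "method", "path", "status")})
    return hits


def hits_by_ip(hits):
    """Count editor requests per source address, most active first."""
    return Counter(h["ip"] for h in hits).most_common()


# Constructed sample log. The first line is the real entry quoted in the thread;
# the rest are made up for this example.
SAMPLE_LOG = [
    '78.93.92.231 - - [18/Dec/2009:09:41:54 +1300] "GET /wp-admin/theme-editor.php HTTP/1.1" 500 1190 "-" '
    '"Mozilla/5.0 (Windows; U; Windows NT 5.1; ar; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2"',
    '78.93.92.231 - - [18/Dec/2009:09:43:10 +1300] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 0 '
    '"http://example.test/wp-admin/theme-editor.php" '
    '"Mozilla/5.0 (Windows; U; Windows NT 5.1; ar; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2"',
    '203.0.113.7 - - [18/Dec/2009:09:50:02 +1300] "GET /wp-admin/theme-editor.php?file=header.php HTTP/1.1" 200 8120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [18/Dec/2009:10:01:17 +1300] "GET /2009/12/some-post/ HTTP/1.1" 200 15234 "-" "Mozilla/5.0"',
    'garbage line that is not in combined format',
]

# 203.0.113.7 stands in for the site owner's own address (a constructed value).
TRUSTED_ADMIN_IPS = frozenset({"203.0.113.7"})


if __name__ == "__main__":
    suspicious = find_editor_hits(SAMPLE_LOG, TRUSTED_ADMIN_IPS)
    for h in suspicious:
        print(f'{h["time"]} {h["ip"]} {h["method"]} {h["path"]} -> {h["status"]}')
    print(hits_by_ip(suspicious))
```

Run against a real access log with `find_editor_hits(open("access.log"), {"your.admin.ip"})`: on a site where nobody legitimately uses the in-browser editors, any hit at all is worth a look, and a POST following a GET from the same outside address is the file actually being saved.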
What a filthy business, Gareth, I’m sorry to hear about it. There’s no winner in this kind of vandalism. You’re not hurting anybody here, you’re talking about stuff, and that ought to be free!
Glad the site seems to be intact.
Cheers,
Richard.
Good to have you back Gareth!