grump…

i discovered that there’s a new wordpress hack that’s cropping up on sites that haven’t been upgraded, but there’s also a nifty exploit scanner that makes tracking down wordpress hacks a lot easier.

i upgraded to 3.0.4 a couple of days ago (when it came out), so i wasn’t caught by the most recent hack, but when i ran exploit scanner it found a whole bunch of residue from the last time i was hacked which i had missed when i was cleaning up. it probably didn’t do anything any longer, because i deleted the files that contained the code that the hack was referring to a long time ago, but i’m glad i got the rest of the stuff out of there, because if i had come across it again, randomly, it would definitely have freaked me out…

exploit scanner is actually good enough at what it does that it finds things in my blog that aren’t exploits, like my anti-spam plugin (which uses the same code that they use in hacks to obscure the form field that you’re not supposed to fill out, but that spam-bots fill out because they don’t realise that it’s obscured) and various bits and pieces of my theme, but, fortunately, there is an easy way to tell the difference between legitimate code and code that has been hacked, so i don’t worry about it… that much.

and a couple of the places that had residue were things that i installed a while ago, but have consistently not worked correctly pretty much ever since i installed them, which makes me wonder if they will work more consistently now that i’ve removed the residue of being hacked…