I’m really lax about updating my wordpress install. Turns out I got burned this time, and inadvertently hosted a bunch of links to various flavors of porn site.
I was on an ancient (and security hole ridden) version of WordPress, and I wouldn’t even have noticed if the hack didn’t also break posting new entries. I was attempting to post my previous entry on Ruby programming, and the post wasn’t working. So I figured it wasn’t working because of the programming language syntax being rejected somehow, so I would update to a more modern version. Which I did, and that still didn’t work so I started poking around the log files. Lo and behold, my access log is full of requests for html files in a subdirectory of the site. They shouldn’t be there I thought!
So I’d been hacked- someone got remote access to my account using this hack in a file “ro8kfbsmag.txt” (more info). All cleaned up now (I think) but not how I’d meant to spend my afternoon.