Unbelievable. This website was hacked into, around 8:38pm last night, by someone routed through an IP address in Amsterdam. (I’m here in metro Washington DC). After a desperate plea for help and searching the Web for answers and contacting technical support at my web host, we were able to return online. Special thanks to Matt Constantine!
[update] Looks like I was a victim of a security flaw. Now there’s WordPress 1.5.1.3. And thanks to Joel for catching a missing plugin; now installed.
Recap highlights: The problem was that I wasn’t able to browse to my website nor my WP admin nor any permalinks nor pages. (my browser status line said: “Waiting for…” for a long time; apparently no response from the server?) Tech support thought my .htaccess was excessively long. I spent much time examining my .htaccess files for errors, troubleshooting carefully using the WordPress codex: Fixing Permalink Problems.
To keep my .htaccess file short, simple, and sweet, I use these Alternative Rewrite Rules on the .htaccess file.
I started looking at my raw web log around the time of the last database access timestamp. I shared with Matt a portion of my raw web log. Matt observed some files were modified in my WordPress /themes/ and /plugins/ directories. Some foreign hacker logged in to my WP admin. Not good..
I looked at the themes briefly; then it dawned on me that this was not the first time I’ve had problems with plugins, though this one was malicious. To deactivate a plugin, any plugin, when the admin dashboard is broke, just delete the plugin. I zapped all my plugins.
Immediately, I was able to access my WordPress admin dashboard again! Immediately, I changed my password. Immediately, I wrote this blog post to update all of you patient readers waiting for this website to respond.
WordPress Tip: when the WordPress website is not working, whether admin or the whole site, also add to your troubleshooting list: check the plugins!
To do: I’ve noticed several new WordPress installs with broken RSS feeds. Wish to find an easy step-by-step instruction on fixing WordPress RSS feeds. (not sure if it’s a permalink issue or what; the few I’ve had run-ins with on broken feeds have used default templates, like the Mosaic Podcast blog)
glad to see you back online
yikes!!!!!
Glad you got the problem fixed. I’m glad I just updated to WP 1.5.1.3.
And thanks for your encouragement last year to get my own web site. I was inspired to check out WordPress by your example.
Do you have a list of the plugins that you use?
Plugins that I use (at the moment) are:
Adhesive http://www.asymptomatic.net/wp-hacks , Bunny’s Technorati Tags http://dev.wp-plugins.org/wiki/BunnysTechnoratiTags , Customizable Post Listings http://www.coffee2code.com/wp-plugins/ , Get Custom Field Values http://www.coffee2code.com/wp-plugins/ , In Series http://www.skippy.net/