My Site Hacked

I found out somethings:

  • Hackers Googled for weak sites, mine was one, the search on 'inurl:page filetype:php include failed' – this lets them ID sites that recorded errors on includes.
  • Because of that error the hacker was able to search on some other files in the site that had no links to them (i.e. dead pages) but they still worked.
  • Because of poor programming practices, I had left a backdoor into my blog edit page, and well they found it.

I am tightening up the site, so hopefully it won't happen again. I also contacted Adelphia.Net for the IP Address. I will update soon.

(afternoon) Just got an email from the hacker asking not to report him… I replied and explained that they cost me money and time this morning that kept me from my work. I am not sure if I will do anything legally but… Time will tell…