This time it is the Chaos Node that is hacked, not my Google account, which is a relief. Â It also looks like they have done nothing to deface my website. They have run some kind of script infecting a huge number of files in my Slice of Life blog. My storage provider, Dreamhost, has cleaned almost all of these. It seems it is a vulnerability in WordPress that has caused this. This is a recurring problem for WordPress, although it is the first time for me. Perhaps I should have continued to hand-code my website after all!
I have changed my password (since some guys in the UK have used it lately, according to Dreamhost) and switched from FTP to SFTP. That is a file transfer protocol where everything is encrypted, although I am not sure whether that will be of any help when WordPress plugins and themes are vulnerable.
I can understand hacking places with great financial or strategic benefits, but what did they gain from hacking the Chaos Node? Other than sheer malice?
The purpose of this hacking was not to deface the site, and they did not. They simply injected some code that might, under certain circumstances, redirect users to a Russian-hosted website that spreads “malware”, like trojans and keyloggers to steal people’s credit card information and such. I would probably never have exposed it myself, since I largely use Opera, but someone with an old and unpatched Internet Explorer might visit my site and end up having their identity stolen. So I had to take action, even though to you and me the site seemed perfectly fine.