What the hell is going on, EXBC?

You’re up, you’re down. You’re back up, you’re back down. Now you look totally different.

In short, I have no idea. Basically, our site got hacked. H@x0rd. pwn3d. Beat to living shit. It sucks. And as for how it happened, I’m still not sure. I did my research and I’m trying my best to get things working correctly again. I had brought the site back up temporarily last night only to discover it had been compromised again! What a kick in the ballsack that was! So now what?

Well, I’m taking this very slowly now. As you can see, this is clearly not our usual design and none of the mp3 download links are visible. In “WordPress” speak (which is the content management system EXBC uses), those are what are referred to as “themes” and “plugins” respectively. I’m trying my best to narrow down where the problem exists. So by doing this step by step, I’m hoping I can figure out what’s causing/allowing the hack. It may be my theme, it may be one of the several plugins I was once using on the site. It could be something completely unrelated. I’ve already started a discussion with my web host to see if there’s anything fishy going on that they can help me out with.

Much like most of my relationships (present one excluded, obviously), this is gonna be a doozy. Please hang with us. I’m doing my best to get things back up. If you subscribe to the podcast via RSS, you can continue to do so; I believe as I post the mixes they should still appear. The feed may be broken from time to time but as they appear, they’ll be there. If you’re already subscribed via iTunes, just hang on to that subscription.

Thanks in advance for understanding. I apologize if any of this malware has affected anyone.

  • Robb

    Thanks for the update, it is good to know you are working hard at getting this back up. I visit this site almost daily and listen to a lot of the mixes, really helps get me through software design documentation ;)

  • http://www.expansionbroadcast.com IllEffect

    Thanks Robb. I’m doing my best. I think I’m gonna let the site marinate in its current state through the rest of today. Then tomorrow, I’ll probably add in the plugin I use to handle the podcast/mp3 stuff. Then I’ll sit on that for a little while. If no problems crop up, then I’ll start working back in the theme. I may just end up recoding the theme just to play it safe.

  • Robb

    It would be interesting to know how it got hacked. I mean can you check IP logs and search for anything suspicious? Was a plug-in recently installed with malicious code? I suppose it’s difficult to track something like that down.

    Good luck!

  • http://www.expansionbroadcast.com IllEffect

    There are logs I can try and comb through. I haven’t taken the time to do that yet. That just sounds tedious as hell. I didn’t install anything new recently. The only thing that happened somewhat recently was my WordPress install was upgraded to 3.0. So at first I started to think it was something to do with that but I googled around and didn’t see anyone else having security issues with 3.0. After some further investigation, I realized that every single .php file on my shared host account had been corrupted. I actually had several WordPress installs scattered across my domains, namely on synbydesign.com, because I usually end up doing a custom WP install for client work. It’s possible one of those was the vector.

    What really throws me is how everything was somehow corrupted again last night. I deleted virtually everything off all my domains (at least any php files) and left behind only mp3s. I reuploaded my “uploads” for my WordPress and reinstalled new versions of all my plugins from the source. So my thinking is it’s either got to be something in my uploads folder (though I doubt it because I combed through that thing and left only image files behind), something in my theme, or something in my custom plugin I wrote myself. That, or one of the plugins I use is corrupt at the source and just no one has reported it yet. *Shrug*