Site was hacked… hopefully fixed now

I heard from Tim and Jason that my RSS feed was full of spam. I couldn’t find any trace of it until I checked via Google Reader. Then I found some PHP injection code (in some database entries) that only added spam when accessed by Googlebot.

I took the site offline, deleted all suspect database entries and files that I could find, changed all passwords, and added some additional security measures… I hope it all worked. Webpages and feeds (RSS and atom) look fine when I use curl to masquerade as Googlebot.

Unfortunately, the Google cache for this site now contains many pages of spam. Hopefully it gets updated soon and the new cached pages are clean. Since this is the first post after the cleanup, I imagine that it may trigger whatever hacks added spam if the first place (if they are still around). Fingers crossed that it’s all good.

Sigh.

Update: Seems alright (Google Reader users may have to click “refresh” though – I think it caches feed info). Oh and new theme: surprise!