
Hacked!

Last week evidently this site and many other WordPress blogs were hacked in a subtle way, with hundreds of invisible links added to the site without my knowledge (more info on the attack here). This resulted in Lunch in a Box being deindexed from Google, Yahoo and other search databases, and explains why Google Ads for unrelated topics like bad credit fixes and Viagra started appearing on the site as of last week. I’ve cleaned up the code and am plugging the security holes, but wanted to let readers know that I may need to take the site down temporarily over the next day or two as I work to ensure that this won’t happen again. Please accept my apologies for any inconvenience this causes!

I’d also encourage any of you with WordPress blogs to view your page source code, and do a quick search on “credit” and “viagra” to ensure that you haven’t been hit as well. More info is in the link above.

UPDATE: Evidently upgrading to WordPress version 2.5 will close the security hole that let this happen. Unfortunately, I needed to restore the site from backups during the process, so have lost some comments that readers left over the weekend. D’oh!
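The page-source check suggested above can be automated. The sketch below is an added example, not part of the original post: it flags links that contain either search term or that sit inside an element hidden with inline CSS. The hiding patterns, the `scan` helper and the `spam.example` sample page are assumptions, since the post only says the injected links were invisible.

```python
import re
from html.parser import HTMLParser
KEYWORDS = ("credit", "viagra")  # the two search terms the post suggests
# Assumption: common inline-CSS hiding tricks; the post only says "invisible".
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|text-indent\s*:\s*-\d{3,}", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "wbr"}
# Constructed sample page (not taken from the affected site).
SAMPLE = """<p>Lunch: <a href="/recipes/onigiri">mini onigiri</a></p>
<div style="display:none"><a href="http://spam.example/loans">fix bad credit</a>
<a href="http://spam.example/pills">cheap meds</a></div>
<p><a href="http://spam.example/v">buy Viagra</a></p>"""

class SpamLinkScanner(HTMLParser):
    """Collect links that match a keyword or sit inside a hidden element."""
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, hidden?) for each open element
        self.findings = []  # flagged links
        self._link = None   # link currently being read

    def handle_starttag(self, tag, attrs):
        if tag in VOID:  # void elements never get an end tag
            return
        a = dict(attrs)
        hidden = bool(HIDDEN.search(a.get("style") or "")) or any(h for _, h in self.stack)
        self.stack.append((tag, hidden))
        if tag == "a" and a.get("href"):
            self._link = {"href": a["href"], "text": "", "hidden": hidden}

    def handle_data(self, data):
        if self._link is not None:
            self._link["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._link is not None:
            link, self._link = self._link, None
            blob = (link["href"] + " " + link["text"]).lower()
            link["keywords"] = [k for k in KEYWORDS if k in blob]
            if link["hidden"] or link["keywords"]:
                self.findings.append(link)
        if any(t == tag for t, _ in self.stack):  # ignore stray end tags
            while self.stack.pop()[0] != tag:
                pass

def scan(html):
    scanner = SpamLinkScanner()
    scanner.feed(html)
    scanner.close()  # flush any buffered text
    return scanner.findings
```

Call `scan()` on the saved source of each page template (home, single post, archive). Links hidden through an external stylesheet or script will not show as hidden here, so the keyword match remains the fallback.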

April 7th, 2008 | Categories: admin



10 Responses to “Hacked!”

  1. Kat Says:

    Hey Biggie, as a fellow WordPress blogger, I just discovered WordPress Automatic Upgrade plugin. http://techie-buzz.com/wordpress-plugins/wordpress-automatic-upgrade-plugin.html

    It makes upgrading your blog sooo much easier and faster, and also will upgrade your plugins from the plugin page.

  2. Sile Says:

    Wow. Thanks for mentioning this! I recently upgraded to WordPress from Bblog (because it has better features and Bblog is no longer being worked on). I don’t use ads, and most of these “hacks” seem to be targeting blogs with ads, but I’ll still check my source code from time to time. :)

  3. veganf Says:

    How dare they hack you!! Glad you got it all figured out. What a nuisance.

  4. Biggie Says:

    @1 from Kat: That’s a great plugin, thanks! After a false start yesterday afternoon, I finally wound up creating a functioning test bed in a subdirectory, upgrading the test bed WP via Fantastico and making sure everything worked first. Once that was done and customized the way I wanted it, I made backups of the real site and upgraded via Fantastico (how I installed WP in the first place). What a breeze! The actual upgrade took less than 5 minutes of site down time, as opposed to my bungling manual install yesterday afternoon that got me into trouble.

  5. Biggie Says:

    @2 from Sile: Evidently the trick is to upgrade your WP to the newer versions promptly, before hackers can take advantage of announced/plugged security holes in older versions. I’m guilty of not upgrading fast enough, thus leaving the door open.

  6. Biggie Says:

    @3 from veganf: On looking into it, this round of hacks seems pretty widespread (including ZDNet, so I’m in good company!). It was a good educational experience for me and I didn’t wind up really losing content, so it worked out in the end. I’ll get reindexed by the search engines eventually and I’m not overly dependent on search engines for traffic — it’s all good, and humbling. :-)

  7. DGibb Says:

    I haven’t noticed any hacked ads, but then again, I use Firefox and don’t see ads anyway… I love the blog, keep it up!

  8. Biggie Says:

    @7 from DGibb: Those ad-killer apps are nice, aren’t they? My husband uses one and loves it. Anyway, I yanked the larger Google ad until the site is reindexed a little better. I’d rather hold off and show relevant ads rather than annoying bad credit ads.

  9. Jessika Says:

    Oh, I made a comment too, it seems to have disappeared… whatever. I am happy nothing of great importance seems to have gone missing.

  10. Biggie Says:

    @9 from Jessika: Some things are still wonky as a result of the deindexing (my Google-powered internal search results are DOA) and the WordPress upgrade (Japanese fonts aren’t displaying properly), but I’m working on it. It’s a blessing that more was not affected! (knocks on wood)
