Okay, yes, the title is absolutely link bait. I am the worst kind of internet ghetto barker, flashing neon and shouting lewd incitements to the passersby, hoping to lure them into hot sweaty posts of ill repute.
Yes, my wordpress installation was hacked. No, you shouldn’t panic. It was an old version of WordPress, 2.4, that I had installed on an unused domain for testing purposes. Somebody figured out how to hack the built-in file uploader included in WP, and they were using it to install folders on all the other domains on that same server. The folders they installed generated thousands of link-farm pages. Assholes.
So, I had to go into search and destroy mode. I needed to find every file on my site that had been modified after a certain date. To do that, I used the “find” command, with a few modifiers. Here’s the full command (type it, don’t copy it)
find . -name "*" -mtime -1 -print | grep -v cache | grep -v logs | grep -v cache
Here’s what it means
find . = “Find some files for me, starting right here in this directory.”
-name “*” = “I want you to find files where the name matches … um, everything (thus the wildcard).”
-mtime -1 = “Once you find those files, narrow it down to just the ones with a modification time of 1 day or sooner.” If you want to search further back, increase the number to however many days back you want to search.
-print = “When you get those files, print them on the screen.”
| grep -v logs = “Now just before you print those file names, filter out any that have the word “logs” in the name.”
| grep -v cache = “And finally, filter out any that have the word “cache” in the name.”
You can modify how far back you want to search, you can modify the names you want to exclude (logs and cache files will always have recent modification dates, so I exclude them from my results), tweak it until it works for you, and then go forth and destroy the intruding files.
Oh, also, GIRLS! GIRLS! GIRLS! Whiskey and Cigarettes! Come on in, sir, experience the experience of an experienced lifetime!