Yep, I did get hacked. I guess I must be doing something right if someone felt the need to hack my site. It’s my own fault, really. There’s a particular file that comes with MovableType that you should really delete after you finish installing it, and I swear I did remove it. Really. Still, it appears I must have re-uploaded said file when I did the recent upgrade to version 2.11. Well, someone came along and ran that file and managed to gain control of my blog right as I was in the middle of a big new entry. You can imagine my surprise when I hit SAVE and it asked me to login again.
Looks like I’m not alone as several other MT using folks have reported being hacked as well. About an hour’s worth of emails back and forth with Ben from MT resulted in a small set of scripts that allowed me to get rid of all the bogus accounts the person made and recreate my own account from scratch. For some reason I’m not sure of, the hacker didn’t do any further damage than to lock me out of my own blog for a few hours. All the blog databases are here and intact and all I’ve lost was some time, some face, and that one entry.
It was a good entry too.