I’ve been battling a hacker on this blog for the past two weeks. Perhaps you noticed the pharma spam redirects that just wouldn’t go away, despite reinstalling WordPress, moving servers, switching to a default theme, removing all plugins, locking down the admin with HTTP authentication, changing ownership and permissions on all files, etc. etc. Just to clarify it’s not just me doing the battling, I have had TONS of help from a couple of Netconcepts’ finest sysadmins (a big shout-out to Dave and Drew for the late nights!). It occurred tonight to Dave that this attack might be personal, because the hacker was vehemently expending so much effort to break back in and cause havoc each time that a hole was closed. But what did I do to deserve such violence? And to also target the blogs of my three children and of my Netconcepts colleague Chris Smith is really sick.
A helpful visitor emailed me a couple hours ago a screenshot of a popup window with a ransom note of sorts. Apparently the hacker heard me present at PubCon on December 5th and didn’t like me and/or what I had to say. The message was clear: either the hacker says his piece on this blog or the attacks will continue full-force. Here’s the screenshot:
That’s pathetic — resorting to a criminal act against me instead of simply engaging me in a dialogue through commenting or emailing me. I’m happy to take constructive criticism. But Mr. Lawless Hacker: don’t threaten me, don’t try to intimidate me, don’t steal from me, don’t vandalize my sites, and don’t harm my family or my colleagues in the process. Okay, so you want to take me to task for something, so be it. Do it in the comments.
SIGN UP FOR EXCLUSIVE WEEKLY CONTENT 
Do you think this is deterring anyone from commenting on your site for fear they will also be targeted? I removed the URL section of my comment for this reason.
Apart from this, talk about a gross misuse of ability and knowledge. Even if your actions were really so offensive to this individual, that’s simply a bi-product of the internet. It gives no one the right to deface your website.
The “hacker” asked for and open discussion with new posts? I wouldn’t think moderating feedback qualifies as an open discussion?
I don’t know you from Adam but I’d be curious how I would have perceived your comments about net security. I think the “hacker” although breaking the law might be teaching something you lack? Maybe some humility?
Good luck with this, I hope one if not both of you learn something from it all.
FYI it’s pretty hard to read the “ransom note”.
Wow, this guy got really irritated somehow. It’s sad when people have to step this low in an attempt to communicate their feelings. He should take a class on interpersonal skills, even read the book “How to win friends and influence people” wouldn’t hurt.
How does this guy sleep at night?
I read article and this is amazing what this guy could do. He survived all of your tricks “despite reinstalling WordPress, moving servers, switching to a default theme, removing all plugins, locking down the admin with HTTP authentication, changing ownership and permissions on all files, etc.”. I would disagree with person saying he is an “amateuer”, I think he has very sharp skills.
If I could hire this guy to work for me I would do it.
I get hacked all the time and now I was “fired” by my web host because it was too much trouble. The hacker would crash their server all the time.