int2e blog

Earlier today Matt Cutts wrote:

My site has been acting a little slow and weird today. I checked my logs, and I’m seeing a lot of GET requests causing strange errors. Most of the requests have escaped Unicode characters, but they don’t appear valid. Sorry that the site is kinda slow; I’m going to be away from the computer until around late Monday, so I don’t have time to check it now, but I’ll try to track it down when I get back.

It looks like Matt was seeing some attacks coming in. At least one of those attacks appears to have been successful:

It appears that only his blog, and not his entire site have been defaced. Last night he upgraded from WordPress 2.0.x to 2.1.x. I wonder if there are known security issues with the current version of WordPress, or perhaps with some of the plugins he’s using.

On the defaced page, there’s the quote nous sommes le proprietaire de toi which roughly translates in to “we are the owner of you”, or perhaps simply pwned. In the defacement there are some odd nicknames for popular SEO bloggers. Here are a few that I’ve figured out so far:

• pentazilla = Quadzilla
• RandomFish = Rand Fishkin
• Shchoeoe = ShoeMoney
• lejackalgris = Graywolf

Which other ones have you figured out? Feel free to post below.

P.S. The main question is, was the attack really an interesting GET request with Unicode-encoded characters, or is it an April-1st-based attack? Matt claims he’ll be out of touch until April 2nd, so we’ll just have to wait and see.

This entry was posted on Saturday, March 31st, 2007 at 9:05 pm and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.