Mar 2009

WTF happened to my portfolio site?

Posted by: Rin
filed under: Web &Work
Tags: ,


I really hate it when it happens to me. Come to think of it, no cialis online pharmacy one likes their website being hacked into and losing all their data. A potential client messaged me this afternoon saying that he cannot view my portfolio site. Astounded, I went over to my website to take a look. It came as a shock to me. The entire website (with WordPress as the CMS) is changed.

My old website…

is hacked into…

Littlevault Hacked

Immediately I went into the WordPress admin and found that I could not log in at all. After accessing the mysql tables I found this

mySQL user

The hacker himself has left something which I can identify him by (vicyland[at] His website and profile are as cytotec kamagra supplier dosage below:

Hacker <a href=Order Generic Levitra Super Active+ Online without Prescription page 1″/>

i need to buy propecia ref=”shadowbox”>Hacker page 2

Hacker profile

From China, Hebei Province, 20 years old Male, studying buy antibiotics online in Hebei Medical University. What you have to say about breaking into other people’s intellectual property?



30 comments to date:


  1. xD, your website is so interesting that attract Chinese Hacker’s attention. Suggest you back up your data at certain time, and enhance security of your site. I’m developer in Shanghai. :)


  2. 安慰一下两位好人,希望以后加强防范


  3. I wonder why he did it at all… you seemed to gain back control immediately. What did you do to the guy? Did you report him or anything?

    Really. Please tell. =/ You just got us visitors more curious…


  4. 我了解主人懂汉语,也就不用英语了==
    1,我既没有hack, 更没有存心攻击且删除数据, 据我个人估计是您的服务器出现问题;
    2,我之所以访问到那站点, 也是从这个站点链过去的, 却发现出现WP安装, 一度以为是提供WP服务==


  5. @Tod, tinyfox:
    Thanks I’ll take your advice to heart.

    Nope currently I did not do anything except writing on this blog.

    Since you know English, it will be much easier for me to communicate without typing in Chinese.
    1) There are many WordPress installations out there. And yet only mine has this problem? is also using the same webhost and same webspace as with, but only has this problem?

    2) What you did, intentionally or not, is defacing another party’s website. You might think “Oh it is a server problem, I was there at the wrong time and it happened.” Truth is, no matter what intentions you have, the site is still defaced by you.
    It is like playing ball games at a neighbourhood field, you throw the ball a bit too far and break a neighbour’s window, do you still try to cover up the incident to say things like “oh it is the wind, the fengshui, the shape of the ball”?

    3)Both parties, me and you suffer loses. For me, my data and some potential clients and for you, negative reputation over a small sphere in the worldwide web. Cause and effect my friend, whether we like it or not.

    4)I do not view my handling of this matter as too rushed without putting much thoughts into it. Come to think of it, why didn’t you email me when such a major thing happened? Keeping mum about it only increases the doubt in the credibility of your innocence. If you deface some other major websites by accident, I am sure that you will be prepared to see a lawyer’s letter, not just a rant post on a personal blog.


  6. 1、我之前从来没遇到这种状况,所以在那种情况下,谁知道这到底发生什么了,而之后完成安装之后我才意识到这到底发生什么了。事后我和一位朋友说起,他也提到发生过有此问题也出现过(您也可以询问您的朋友是否也有过如此经历)。至于为什么这个页面没有出现问题,我想可能的因素会非常多。


  7. Is there anything we can do to people who hack into other people’s site? If the guy is in China, I can think of any available course of action that you can take.

    Adrian Lee

  8. 天哪,太不可思议了。赶紧告诉wordpress技术人员。难道博客系统存在严重bug?


  9. @adrian lee
    from Rin’s latest comment, it appears that Dulce is the person who ‘accidentally’ hacked the portfolio site.

    I think Dulce is claiming something about both of them being victims of a bad host or wordpress installation or something.

    But don’t quote me on that. I don’t understand Chinese. =/ Just picking up context clues… *points at Rin’s comment*

    It seems that that is the reason Rin wouldn’t pursue the issue. =) Because the other party claimed innocence. he’s just ranting his frustrations on this blog post.


  10. Infact I’m a Chinese too, I don’t konw what’s the problem with rin’s blog but I hope everything will be OK.


  11. So Rin this is a web hosting issue you had with your and this other guys database conflicting with each other? Or was this some exploit in WordPress itself?


  12. What is it with China and hacking American sites?!!

    I work for a web development firm and a hospital site, which is impossible to find unless you live in the area and know the name, was hacked and the DB was corrupted.

    Insane. Sorry to hear about your problems.

    Web Developer

  13. My English is very poor!…

    我从Css vault链接到你这里!因为很喜欢rin-wendy这个风格!



  14. 根据Dulce说的,似乎是因为wp的config文件不存在,所以才被引导到了创建wpconfig文件页上了


  15. I’m sorry to hear it. Good Lucky Forever..:)


  16. 没准是个误会,不过,中国的哥们们看来很喜欢你们的夫妻博客,呵呵


  17. Hello Rin,

    I’m sorry to hear such a hack. I don’t speak in Chinese but a quick translation of Dulce’s first comment says:

    2. I did visit the site there are also links from this site over the past, but found WP installation, once WP is to provide services that.

    If I trust what Dulce said, this a rare problem in WordPress, someday your database will get a problem and WP will throw the installation file in front of you.

    See this link:

    I think adding .htaccess password to the wp-admin folder will solve the problem, so no one will have the ability to re-install your server!

    J Mehmett

  18. I’m not good at english.
    Infact I’m a Chinese too,I hope everything will be OK.

    Distant Memory

  19. 这里好冷。。=.=。。


  20. I think you should back up your wordpress files sometimes to prevent the lost of data if someone hacks your websites again. Wish you luck! Hope the site will be back!


  21. Hi Rin,
    i really love your blog theme. Can i ask you share it to me and my wife. I think my wife will very happy when we use this time.

    Thousand thanks

    Nam Le

  22. came to you via the beautiful rin-wendy block and I am really shocked to hear that. Hope you will be back professionally soon.Let me know, when you are!

    All the best and Greetings from Germany!


  23. I just read somewhere that there’s a bug in wordpress that someone can just get to your wordpress installation script and reinstall your blog and then gain imediate admin access.

    You need to delete the install.php script inside wordpress after successful installation.

    If you don’t delete the file anyone will be able to reinstall your wordpress.


  24. Dulce说的是有可能的,当配置文件丢失的时候,WP确实会提示访客“是否重新安装”,况且如果真是他黑的,应该不会留下名字。




  25. 这是一件令所有人都很遗憾的事情



  26. I am sorry for you Rin… it should not happen to you..


  27. 我是从的连接来到这个博客的,在我看来这件事情并非黑客所谓,任何以为黑客不会采取这种攻击网站的形式。而对于Wordpress本身如果丢失wp-config.php文件而又存在wp-config-sample.php文件是允许重复安装的,再下一步会提示输入数据库,如果表和数据库信息是使用的你原来的信息,那么这个数据是不会丢失的。但是如果使用另外的数据库或者表的前缀不同,这样才会造成重装。即时被重装了,你的WEB数据依然存在,只是出于没有激活状态。从理论上来说Dulce是不可能知道你数据库信息的,所以在上面的推测都不存在。


  28. 另外,我很期待您的新版本。


  29. Hi Rin,

    sorry for you, an excellent idee to use a site for two persons.

    It is possible to use your rin and wendy themes for my own site?

    kind regards and good luck


  30. hey, rin,

    it’s very ridiculous~~

    i know that guy who hacked your site…

    but from my perspective, he is not that kind of person, and additionally,he is not that capable…

    you can visit my web site, and find him.

    He always leaves comments at my blog.



Leave a Reply