A few days ago I reported that my blog had been hacked, most likely due to a vulnerability in the previous version of WordPress I was using.
Well, at that time I thought I had cleaned out the infected files, but it turned out that a few files in the parent directory of my blog (http://locut.us/) were still infected. This wouldn’t have been a problem because nobody really visits those files, but unfortunately Google’s web crawler did, and as a result Google has decided that my blog contains malware. Now, if you try to visit my website in Firefox 3.0 – you get a big scary warning!
So I’ve had it running my own WordPress installation, unsure of when it will next be hacked, possibly with even worse consequences than this time. Frankly, it is absolutely ridiculous that such a mainstream application could be so insecure as to leave tens of thousands of websites vulnerable in this way.
Even though I’m a bit wary of rewarding WordPress for their insecure software, I’ve decided to migrate my blog to their hosted service, as you’ll be able to tell if you look at the URL right now.
I’ve requested that Google remove my former domain from their danger list, but they say that it could take several weeks – in the meantime its not exactly going to do wonders for my blog’s traffic :-(