Hacker Attack – Saved by Windows Live Writer

I’ve been cleaning up a mess on 3 different wordpress installations this week (2 sites and 3 installs across those 2 sites).  Long story short, someone managed to get access to the database on these 3 accounts, somewhere between WP 2.7 and 2.8.4.  They then created ‘ghost’ admin accounts and created a big mess in my database.

To clean this up, I had to essentially,

• Delete all of the installation files of WordPress
• Export a copy of my content into xml (not a backup, but an export)
• Create copies of my image file folders
• Install a new WordPress version and install new/fresh versions of all plugins (couldn’t re-upload existing in case something had been corrupted by the hackers)
• Had to change my passwords across the board on databases, cpanels, wp logins and more

That was all fine and dandy, and a big pain in the ass, but I got it done.

But on one of those installations (the home page of my company site at Softduit Media) Half of my images were deleted in the process. 

Just when I thought I was shit out of lucky, I realized that when I opened up Windows Live Writer and pulled these posts or pages in via the Recently Posted option, I could see the images.

I couldn’t just hit ‘Publish’ and re-upload them, but due to the image editing nature of WLW, I was able to make a slite alteration to each image (typically adding a reflection or rounding corners or something) and then I could simply just hit Publish and walla!

My images were saved.

I say ‘were’ from the perspective that it worked on 1 page.  Now I have to go through about 200 other pages and repeat the process, but that’s better than going through 200 pages and adding images from scratch!