Sometime yesterday evening, I loaded this blog into my browser. Instead of the soothing grey and navy design, I found the following text:
My first thought was that the server had somehow gone down, and that this was some sort of replacement page (albeit not a very informative one).When I found that I was able to access the rest of the site, I knew something major was up.
Accessing the site through FTP provided some more useful information. The normal "index.php" file had been renamed and replaced by the 3 bytes of information you can see above. Concerned, I restored the normal file.
Looking through the HTTP access logs did not display any useful information:
18.104.22.168 - - [24/Dec/2004:17:35:33 -0700] "GET /blog/index.php?p=176 HTTP/1.0" 200 24279 "-" "msnbot/0.3 (+http://search.msn.com/msnbot.htm)"
multiple requests for Pitchfork RSS feeds redacted
22.214.171.124 - - [24/Dec/2004:17:36:33 -0700] "GET /blog/index.php?p=151 HTTP/1.0" 200 3 "-" "msnbot/0.3 (+http://search.msn.com/msnbot.htm)"
Browsing around, I found that anonymous FTP access was enabled. I found this strange, since I remember turning it off at some point in the past (some point several months ago, after which I thanked my lucky stars that nobody else had noticed). Assuming that someone stumbled upon the server, I am at least slightly happy that they did not decide to delete everything (I have backups, but it is the principle of the matter).