Oi. I hate finding out I’ve been hacked late in the evening…

Earlier this evening, I got an email from Google saying that they’d added a new administrator to one of the domains I have.

Except I didn’t make anyone an administrator.

It seems that someone had used some of the security holes in WordPress to set up a shadow website inside one of my idle websites, and they’d just told Google they were an administrator by putting a verification HTML file in the web root.

I’ve removed the file, disabled the idle website, and gone through patching the security holes in my WordPress websites.  I’d rather not be hosting a site that’s providing page-ranks for spammy Chinese and Japanese websites.

Now time for sleep.