Spam-Whackers got hacked last Sunday or Monday. I haven’t been able to determine who the hacker was but I have some leads. I’m 99% certain it was a comment spammer.
Before jumping to conclusions this happened with the latest update from WP. Any site can be hacked.
As far as I can tell at this point all they did was change my admin password and email address, which resulted in my not being able to log into the control panel, or to request a new password.
Additionally they changed the index.php for spam-whackers.com, and changed the content of akismet.php, which catches most of the comment spam. By changing the content of akismet.php the plugin ceased to function.
Since all first time comments are held for moderation I don’t believe any of the comment spam actually got posted. It was a pain to go through the 60 or so comments and mark them as spam one by one. I think I approved one comment out of all the comments waiting for approval.
This allowed me to start taking control of spam-whackers again.
I have taken some steps to make spam-whackers more secure. I will write about some security measures for blogs in the next few days.