Website Hijack

Sarah made the fatal mistake of telling me that she’d just moved her website and installed Movable Type. The DNS info hadn’t propagated yet, so she sent me the IP of the site (why, I’ll never know). She had already run mt-load.cgi, but hadn’t changed the default password yet (ironically, as I typed this, I thought It’s a good thing I remembered to delete mt-load.cgi! And then I went and deleted it).

So I changed her password and hijacked her blog, like any self-respecting ninja-pirate would.

She was less than pleased.

Her settings were all screwy-like (I think her CGIPATH was off), so it took a good ten minutes to get the password reset. I wasn’t thinking when I changed it and used one of my common ones, so I didn’t want to hand it over if I could avoid it. Thankfully, we managed to get it working so I could change it back to Nelson (don’t bother trying it now, I already checked).

(Click the image to see the big version)