Blog Facelift and BlogEngine.Net Upgrade

Two days ago a friend of mine pointed out that some of my posts displayed a related link to one or more pages on my blog that I had not actually authored. I don’t generally use the pages feature of BlogEngine.Net, so you can imagine my surprise to find that my blog had been hacked by someone trying to promote a cause. If any of you were offended by that content, I sincerely apologize.

I quickly removed the rogue pages and found that the most likely point of entry was a vulnerability in the combination of Disqus and the version of BlogEngine.Net that I had been running. The upgrade was not terribly hard, but it was a bit tricky. Side effects of the upgrade included a number of broken links to older posts that used double-escaped characters in their titles and links. This required enabling requestFiltering with allowDoubleEscaping="true" in the web.config.

The upgrade also sports a far better theme structure, and rather than take the time to migrate my custom theme, I decided to go with the existing standard theme with just one or two modifications. This includes the new blog logo, an homage to the company that made my first computer—Commodore.

And finally, of course, just to be sure it wasn’t a simple case of JavaScript injection via a malicious comment, I changed all my passwords. I also deleted older non-Disqus comments and updated my Disqus settings and password. For now, I’ll keep the current theme. It suits me. And with all of that out of the way, I can get back to keeping this blog current with what I hope will be useful material.