One of my regulars writes, re the recent spam-raping of the blog
>I’m still trying to figure out what the attack was. All the comments were replaced by spam?
No. What happened was that on Sunday night I caught a bot in the act of replacing real comments with spam, oldest first. It was working its way forward in time, apparently limited by the spped at which the PHP in WordPress could respond. It was very lucky that I caught it as soon as I did; I happened to need to look at a post from 2002 twice within minutes and saw the comments had changed.
I think the purpose of replacing oldest comments first was to delay or prevent me from noticing what had happened until the whole blog was corrupted. And corrupting the blog wasn’t the actual aim, anyway; what they were actually trying to do was boost the Google ratings of various shady marketing and scam sites by stuffing a fairly high-ranked blog with links to them.