e_header.jpg)
I have been hacked.
I am not sure how or to what extent or even who did it. All I know is that this web site didn’t look right – just the header with the flowers and menu were displayed and no body. Lucky you can see text now!
It took some work, but I finally discovered that some of my .PHP files had some strange code tacked to the bottom of them that started like this
A quick Google search told horror stories of compromised code and a fantastic blog explaining how code can be compromised at Why You Should Never Search For Free WordPress Themes in Google or Anywhere Else.
I also discovered that I can check the code at Sucuri SiteCheck, thanks to a post on WordPress.
Interestingly, I found each theme I had installed was compromised for both this site and Ev’s at The Silent Partner. The compromised files included (but not limited to) index.php, header.php, footer.php – common files in WordPress. All the compromised files had the same date/time stamp of 21 October 2011 at 6:33:05pm – a date and time that I was not logged on to my computer(s).
The theme PrimePress caused most issues, and I had used snippets from it to build the rotating pics in the header. Other themes didn’t display the issues, although they were clearly compromised.
I didn’t investigate what the compromised code did, but surely it was pushing another web site for Google analytics or sending spam or viruses around the world. Something that was not nice.
I suppose it is time to change passwords and secret keys to better protect myself.
