I have been hacked.

I am not sure how or to what extent or even who did it.  All I know is that this web site didn’t look right – just the header with the flowers and menu were displayed and no body.  Lucky you can see text now!

It took some work, but I finally discovered that some of my .PHP files had some strange code tacked to the bottom of them that started like this

A quick Google search told horror stories of compromised code and a fantastic blog explaining how code can be compromised at Why You Should Never Search For Free WordPress Themes in Google or Anywhere Else.

I also discovered that I can check the code at Sucuri SiteCheck, thanks to a post on WordPress.

Interestingly, I found each theme I had installed was compromised for both this site and Ev’s at The Silent Partner.  The compromised files included (but not limited to) index.php, header.php, footer.php – common files in WordPress.  All the compromised files had the same date/time stamp of 21 October 2011 at 6:33:05pm – a date and time that I was not logged on to my computer(s).

The theme PrimePress caused most issues, and I had used snippets from it to build the rotating pics in the header.  Other themes didn’t display the issues, although they were clearly compromised.

I didn’t investigate what the compromised code did, but surely it was pushing another web site for Google analytics or sending spam or viruses around the world.  Something that was not nice.

I suppose it is time to change passwords and secret keys to better protect myself.


This entry was posted in Computing. Bookmark the permalink.