Just noticed my WordPress was hacked recently. McAfee shows it as a JS/Wonka trojan. The problem is outlined here: http://en.forums.wordpress.com/topic/possible-hijacked-pages
Basically there is this JS function called INCLUDE_DATA that loads some malicious script. Haven’t figured out how it was done; however, I noticed some crazy-looking JavaScript in my theme’s header.php. Logging in to my box, I noticed that the files were world-writable (whoops!). As a fix I went into “wp-content/themes/<theme_name>” and cleaned up header.php. Then I ran “chmod a-wx *.php” as a defensive measure. This means my theme is no longer editable through the WordPress UI, but that’s alright.
Still not sure how it got hacked. Anyone know how I can trace that info down? In the meantime I’ll be upgrading WordPress and cleaning up WordPress users.
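
An audit of a theme directory for the conditions described above (world-writable PHP files, files containing the `INCLUDE_DATA` marker, recently changed files) plus the same `chmod a-wx` lock-down, as an added example that is not part of the original post. `THEME_DIR`, the function names and the 7-day window are assumptions.

```shell
#!/bin/sh
# Added example: audit a WordPress theme directory after a script injection.
# Usage (assumed): THEME_DIR=wp-content/themes/<theme_name> sh audit.sh

# PHP files any local user can write to (the "other" write bit is set).
world_writable_php() {
    find "$1" -type f -name '*.php' -perm -0002 | sort
}

# PHP files containing a marker string, matched literally (not as a regex).
files_with_marker() {
    find "$1" -type f -name '*.php' -exec grep -lF -- "$2" {} + | sort
}

# PHP files modified within the last N days; the timestamps can then be
# compared with web server, FTP and SSH logs from the same window.
recently_modified_php() {
    find "$1" -type f -name '*.php' -mtime "-$2" | sort
}

# Same lock-down as in the post: drop write and execute for everyone on
# the PHP files directly inside the directory. Prints the number changed.
lock_down() {
    count=0
    for f in "$1"/*.php; do
        [ -f "$f" ] || continue
        chmod a-wx "$f" && count=$((count + 1))
    done
    echo "$count"
}

# Report only; the lock-down is left as an explicit, separate step.
if [ -n "${THEME_DIR:-}" ]; then
    echo "World-writable PHP files:"
    world_writable_php "$THEME_DIR"
    echo "PHP files containing INCLUDE_DATA:"
    files_with_marker "$THEME_DIR" "INCLUDE_DATA"
    echo "PHP files modified in the last 7 days:"
    recently_modified_php "$THEME_DIR" 7
fi
```

Because `chmod a-wx` also removes the owner's write bit, files locked this way have to be made writable again (for example `chmod u+w`) before a theme update can replace them.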