A PHP injection attack is spreading like wildfire among WordPress hosted blogs. For a brief period of time today SBC Today was affected. Although I am no longer contributing to SBC Today, the SBC Today team knows that I know a bit of the PHP computer language, so they asked me to log in and see if I could clean things up.
So, I’m confident now that the important files have been cleaned and the site is presently safe for you to use. Unfortunately, we can’t be certain that we’ve eliminated the security hole that led to this problem in the first place until we completely reinstall the site and restore everything from backups, checking security every step along the way.
For your safety and the safety of your files, we’ll be working expeditiously to make the needed changes. This means that the site will be unreliable over the weekend as we fix everything. Our apologies ahead of time for any inconvenience that we may cause you.
I was hacked twice in the last two months. The most recent was just this week. All php files were infected with a base64 code which redirects the site and tries to load malware onto the persons computer.
Updated anti-virus software will block the attack for the end user. Even AVGFree stops it.
Bart, I can see that it’s still infected and a script is trying to load.
Now’s the perfect time to switch to Ubuntu. :) (I only wish that the people who create malware would repent and use their talents to do something productive and worthwhile)
Brother Bart,
I emptied the “Trash” comments in the comment dashboard this am around 6 AM. Now there are two more “Trash” comments. Has someone been sending them to that bin or does that mean you are closing the security hole.
Also, my personal blog is on WordPress. What should I do to keep this from happening there?
Tim
Mark,
Looks clean from here. Are you perhaps loading a cached version of the page?
Tim,
I don’t know. If anybody knows, they aren’t saying. The infection appears to be more frequent among PHP-based sites hosted by SBC Today’s hosting provider. It may be that THEY have been infected, rather than us (although one HOPES that they have better cross-site security than that). The point is simply that we don’t know.
The infection in question is the “eval(base64decoder(…” infection that Mark mentioned.
Byroniac,
Indeed, sir. Indeed. But the needed switch is to MacOS, not Ubuntu. :-)
Wes,
Although you have not contributed to this comment thread, I feel some moral imperative to mention that this has never happened to me on Blogger. ;-)
I’ve got Ubuntu (2nd best OS on earth), Mac OS (Snow Leopard, best OS on earth so far), and Windows 7 at home. So I’m covered. :)
Bart and Byroniac are now speaking in unknown tongues! Wow! Who would’ve thought it? Bart, the BI, nonCalvinist; and Byroniac, the Five pointer…together….speaking unknown languages.
David :)
Ubuntu is a very good Linux distribution, but you ought to try Mint or openSuse.
Blessings,
Ron P.
Thanks, Ron. I am curious about Mint. I tried OpenSUSE back when but I need to check it out again, maybe with VMware or VirtualBox.
Bart,
Just finished deleting about 6 more of those comments that do not make sense.
Tim
Try Federal Hydro-Shock or Winchester Supreme SXT. Either one of those are real clock stoppers.
Oh, wait. You guys are talking about protection against computer virus. I thought you fellows were talking about stopping “two-legged virus.”
I apologize for buttin’ in. On second thought….Maybe you fellows need some “two-legged virus stopper.”
Bart,
Are you funding the switch to MacOS…..bad stewardship in my view.
For every Mac bought a soul in hell is caught! Meaning all the funding lost for missions that are used in JOBSWARE.
BTW-KDE or Kubuntu is just as good as mac graphics in my opinion!
virus and malware free too!
http://www.youtube.com/watch?v=HVrXtplGt64&feature=related
Robert I Masters
FSF rocks.
Bart,
Did you check the site at the time I commented? I watched the script try to load. It was the same one I had. Anyway, I’m glad you got it all cleaned up. Looks like you are missing Peter’s Custom Anti-Spam for comments.
Tim,
A wordpress.com site should be fine. The infection hit mostly wordpress.org sites. A lot of Godaddy hosted sites were hit and a few others hosted by major hosting companies. The spam comments should not have anything to do with the attack as far as I know.
Right now none of the infected hosting companies have an answer as to how the php files were accessed and infected. I even had a security key in my htaccess file and I’ve since added four. If the companies don’t figure out the problem it will probably happen again. It could be an automated malware script that just continuously makes its rounds.
Byroniac,
I use Fedora and RedHat a lot, but Fedora is a bit bleeding edge and I only recommend it for Linux experts. RedHat is really a server OS and what I use in my job. Mint is a desktop OS based on Ubuntu, but comes multimedia ready. You do not have to install any media CODECS yourself. The next version of Mint is due to be released very soon. So if you want to try it on a Live CD or Live USB without installing it on your computer, I would wait until Mint 9 comes out.
For anyone who wants to try Linux without installing it, using a Live CD is a great way to take it for a drive without changing your computer at all. It runs from the CD (or USB stick) and makes no changes to your computer. You can not do that with Microsoft or Apple.
Blessings,
Ron P.