Timing is everything. My Samsung NC10 netbook had a massive fail yesterday, which left me unable to access this blog (or, indeed, the internet), and some charming individuals seized this opportunity to hack into Twittercism and add some rather nasty exploits.
I couldn’t get the blog or (more worrying) the admin panel to load at all. Wherever I went, I just got an error message.
Even better, Google decided to mark the domain as a malware risk, which obviously has some impact on traffic.
Fortunately, the exploit, which attempted to load a file from the website c8t.at, was fairly easy to track down, and I removed it manually via FTP.
If you’re a WordPress user impacted by this issue, I recommend two courses of action:
- Check your default-filters.php, default-widgets.php and pluggable.php files (all are located in the wp-includes folder), as well as the main index.php file in your theme. I had a single line of code at the very bottom of all of these files (which starts with <iframe... and linked to a file at c8t.at). Remove it (carefully), save and re-upload your file(s).
- Always make sure you upgrade to the latest version of WordPress. I was using WordPress 2.8.3, which is only a single upgrade behind the current version (2.8.4), but it was enough to allow others to have a sneaky in.
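The first check above can be scripted against a local copy of the site. The following is an added example, not code from the original post: it looks for an iframe tag in the last few lines of the files named above and reports the host it points to. The theme name, the `tail_lines` window and the sample host `injected.example` are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Files named in the post, relative to the WordPress root.
CORE_FILES = [
    "wp-includes/default-filters.php",
    "wp-includes/default-widgets.php",
    "wp-includes/pluggable.php",
]
IFRAME_RE = re.compile(r"<iframe\b[^>]*\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)
HOST_RE = re.compile(r"^(?:https?:)?//([^/:?#]+)", re.I)

def scan_file(path, tail_lines=5):
    """Return (line_no, host) for each iframe in the last tail_lines of path."""
    lines = Path(path).read_text(errors="replace").splitlines()
    start = max(0, len(lines) - tail_lines)
    hits = []
    for no, line in enumerate(lines[start:], start + 1):
        for src in IFRAME_RE.findall(line):
            m = HOST_RE.match(src)
            # Fall back to the raw src value if it is not an absolute URL.
            hits.append((no, m.group(1).lower() if m else src))
    return hits

def scan_site(root, theme):
    """Scan the named files; return {relative_path: hits} for files with hits."""
    targets = CORE_FILES + [f"wp-content/themes/{theme}/index.php"]
    report = {}
    for rel in targets:
        p = Path(root) / rel
        hits = scan_file(p) if p.is_file() else []
        if hits:
            report[rel] = hits
    return report

def build_demo_site(root):
    """Constructed sample tree: one clean file, one with an appended iframe."""
    inc = Path(root) / "wp-includes"
    inc.mkdir(parents=True)
    (inc / "default-filters.php").write_text("<?php\nadd_filter('x', 'y');\n?>\n")
    (inc / "pluggable.php").write_text(
        "<?php\nfunction f() {}\n?>\n"
        '<iframe src="http://injected.example/x" width="1" height="1"></iframe>\n'
    )

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_demo_site(d)
        print(scan_site(d, "default"))
```

Any file it reports still needs to be opened and cleaned by hand, and a clean result only covers the files listed.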
Despite Google’s concerns, the exploit never actually loaded. It simply presented an error message. So, if you happened to visit Twittercism during this period, don’t worry. Nothing bad happened. But the sites (c8t.at and c8t.ru) are known to Google and the warning was legitimate, if a little excitable.
Of course, I’m certainly not in bad company with my blog being hacked. But it’s a lesson learned. Always make sure your online security is top-notch, as the crap has a nasty habit of hitting the fan at exactly the wrong time.