My WordPress install got hacked a week or more ago, and I couldn’t work on figuring it out until tonight. Well, it looks like some hacker found out my wp-config.php file had some bad permissions set and he inserted some code in there that basically scanned every php file on my site and injected every php file with code that will redirect users to various malware sites.
It was easier for me to edit every php file rather than re-download all my plugins again (except the W3 Caching plugin – it has about 100 files). I also had to reinstall the theme because it was fully infected, too.
So, everyone, make sure you have proper permissions set on all your files or things like this can happen.
Download this page in PDF format
Yeah, its good to read basic linux administration guide before starting your own webserver. :/
No offence, Mr.Romero, really. Its a bad thing to redo any type of stuff, its good you discovered it. Steath injection would be even crapier(like 1pixel external link, that points to some site thus all ppl visiting planetromero bring the cracker money). Noscript is one of the reasons I love firefox.
Btw, is any chance of any linux gaming software coming from your feather? Even proprietary.. Its sucks a lot hearing about how windows is great for gaming(which it is not and it sucks in daily usage) or macos(which is just BSD, overpayed, without big hardware choice, DRMed etc). Linux is awesome OS, would really appreciate devs stop to ignore it. At least in the days of SDL.
Thanks for wiping my linux comment, John.
My first game was Wolfenstein, I had also bought Commander Keen series, Doom1&2 and Heretic later.
Thanks a lot, I will never ever visit your site. Bb!