I’m at SNW and learning a lot about the latest and greatest, including wordpress hacking.
Running the latest version of wordpress, so I *hope* that isn’t the problem.
Combed through the site files and found a few hundred suspicious cache files, which I deleted.
Also appears that my new theme, Thesis from DIYthemes, was hacked as well. Still sorting that out.
Update: It appears the culprit was a hacked “creative” coming in from IDG’s advertising network which reps for StorageMojo. I looked at the source and found no way to determine that.
So how does a “creative” get hacked? Are ad agencies being infiltrated by hackers? Did some idiot download a cute graphic and paste into a layout?
While I like my new theme, I’ve realized that its developers it know way less about security and software development than the WordPress team. And that gives me pause. End update.
Update II: Got another Google malware warning Saturday afternoon and was able to pull the offending script v fast. Also found a “WordPress” document that wasn’t part of WordPress at all. I hope that does it. End update II.
The StorageMojo take
The crack StorageMojo security team is on the case. Sorry for the disturbance.
Now back to our regularly unscheduled program.
Courteous comments welcome, of course.