I suspected it a few weeks ago when my Google news reader included some garbled code along with my blog’s usual RSS news feed content. Everything then seemed ok, so I let it go. Then Matt Hurst emailed me over the weekend to let me know the homepage of this blog was publishing links to dozens of MP3 download sites in the footer. It was true: Some Internet scum hacked my blog.
Considering the malicious links were appearing in the footer, I went into the footer template of my blog software and deleted a line of code that traced back to Felix Ker. It seems the malicious links have disappeared, but now I’m investigating for further damage and vulnerability. (If you notice anything suspicious, please let me know. The hacker’s publicly viewable impact was invisible to me whenever I was logged into my blog software.)
For the record, I downloaded an enhanced version of Liew Cheon Fong’s three-column Kubrick theme from Felix Ker, which I used partly to create this blog’s layout. Considering Fong, a well-known blogger and coder, acknowledged the availability of the Felix Ker version, I figured it was safe. Perhaps it is safe and I was hacked through some other vulnerability. If you have any insight here, please let me know.
Either way, I’ll be updating to a new theme shortly and taking additional steps to protect myself. If you have any recommendations or suggested reading, please let me know.
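As an added example (not code from this post, from LiewCF or from the Felix Ker theme), the kind of quick check a blog owner can run over theme files after an incident like this one: flag decoded or obfuscated output, code pulled from a remote URL, blocks hidden from readers, and output gated on the viewer not being logged in, which is exactly why injected links stay invisible to the logged-in owner. The rule names, both sample footers and the variable `$encoded_links` are constructed for the example.

```python
import re
from typing import Dict, List

# Indicators that rarely belong in a theme's footer.php: obfuscated/decoded
# output, code pulled from a remote URL, output gated on the viewer NOT being
# logged in, and blocks hidden from readers but still visible to crawlers.
RULES: Dict[str, re.Pattern] = {
    "obfuscated_output": re.compile(
        r"\b(eval|base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "remote_include": re.compile(
        r"\b(include|require|file_get_contents|fopen|curl_init)(_once)?"
        r"\s*\(?\s*['\"]https?://", re.I),
    "login_gated_output": re.compile(r"!\s*is_user_logged_in\s*\(\s*\)"),
    "hidden_block": re.compile(
        r"display\s*:\s*none|visibility\s*:\s*hidden|text-indent\s*:\s*-\d{3,}", re.I),
}

def scan_theme_source(source: str) -> List[dict]:
    """Return one finding per (line, rule) hit, with the offending line text."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for rule, pattern in RULES.items():
            if pattern.search(line):
                findings.append({"line": lineno, "rule": rule, "text": line.strip()})
    return findings

def triggered_rules(source: str) -> set:
    """Set of rule names that fired anywhere in the source."""
    return {f["rule"] for f in scan_theme_source(source)}

# Constructed sample 1: a stock three-column Kubrick style footer, no findings expected.
CLEAN_FOOTER = """<div id="footer">
<?php bloginfo('name'); ?> is proudly powered by WordPress
<a href="feed:<?php bloginfo('rss2_url'); ?>">Entries (RSS)</a>
<!-- please link back to the theme download page, thank you. http://www.LiewCF.com/ -->
<?php do_action('wp_footer'); ?>
</div>"""

# Constructed sample 2: the same footer with a hypothetical injected block that
# prints decoded markup only to anonymous visitors, inside a hidden div.
TAMPERED_FOOTER = CLEAN_FOOTER.replace(
    "<?php do_action('wp_footer'); ?>",
    "<?php if (!is_user_logged_in()) { ?>\n"
    "<div style=\"display:none\"><?php echo base64_decode($encoded_links); ?></div>\n"
    "<?php } ?>\n<?php do_action('wp_footer'); ?>")

if __name__ == "__main__":
    for finding in scan_theme_source(TAMPERED_FOOTER):
        print(f"line {finding['line']:>3}  {finding['rule']:<20} {finding['text']}")
```

Run it over every .php file in the theme directory, not just footer.php, and compare the rendered page as an anonymous visitor against the logged-in view for links that only appear in the former.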
The code looks fishy at the bottom of the footer php file
<div id="footer">
<?php bloginfo('name'); ?> is proudly powered by
WordPress
<a href="feed:<?php bloginfo('rss2_url'); ?>">Entries (RSS)</a>
and <a href="feed:<?php bloginfo('comments_rss2_url'); ?>">Comments (RSS)</a>.
<!-- please link back to the theme download page, thank you. http://www.LiewCF.com/ -->
Three columns kubrick template by LiewCF.
<!-- <?php echo $wpdb->num_queries; ?> queries. <?php timer_stop(1); ?> seconds. -->
</div>
</div>
<!-- Gorgeous design by Michael Heilemann - http://binarybonsai.com/kubrick/ -->
<?php /* "Just what do you think you're doing Dave?" */ ?>
<?php do_action('wp_footer'); ?>
</body>
</html>
Mike,
Yes…thanks. Working on it. Exploring new themes.
My computer is acting really weird and connecting to 173.255.219.242 every hour or so (aka http://www.felixker.com) hmmm Mr. Felix Ker…