This morning, it was discovered that this blog was hacked sometime between 5/16~5/17. It appears to be some kind of injection attack… I don’t actually know what that means, but I’ve been told that’s what happened. Google detected one compromised javascript file, and I’ve replaced it. The hack created an iframe that pointed to a php file at hingham-ma.gov – the official site of Hingham, Massachusetts (looks lovely, btw.). The php file itself no longer exists, and based on some googling it had infected some other sites this month. I’d recommend running your usual antivirus/rootkit programs if you’ve visited during this time period. Also, look for cookies from the higham-ma.gov domain and delete them.
Apologies for the problem, and some time away from posting until I can be sure the hack has been thoroughly eradicated.
Edit: The culprit is some kind of webshell, and infected pages attempted to download the Clagent B Trojan. We are in the process of reinstalling WordPress. This appears to have been part of a larger exploit affecting our hosting provider.
Edit 2: Testing new WordPress installation.
No comments
Comments feed for this article
Trackback link: http://www.icaruscomics.com/wp_web/wp-trackback.php?p=5093