Shit.

The MKX® along with several sister sites (The MKX® Photo Central, La Polla América, etc.) were all hacked sometime in the last two days.

It looks like it was done through a security flaw in tinymce, a WYSIWYG text editor used by zenPHOTO, the photo gallery software I use extensively. Google blacklisted me (the horror!) but after I cleaned things up (or rather, Moi did) I can be visited again without raising any flags.

The extent of the damage is still unknown. So far I know that

• The hack occurred on 2011-11-07 at 18:48.
• Every .htaccess in my sites were injected with malicious redirects. Moi got rid of them. Here’s one sample .htaccess file (as text).
• A malicious file class.images.php with obfuscated code was created somewhere inside the zenPhoto installation. I have no desire to reverse engineer it. Here’s the link to the file (as text).
• An empty index.php file was created next to it.

Looks like I have quite a bit of work ahead of me. Those damn russian hackers! More info here.