If you visited The MKX® today and was redirected to a hardcore porn website… you are welcome. However, I must admit this wasn’t me making a quick buck by getting into a new business venture (not yet, anyway). This was me getting hacked.

Again.

It happened again, around 5 AM. I keep WordPress and all plugins up to date, and yet somehow a malicious attacker found a vulnerability on something I use in the site. I verified my logs and they didn’t gain access through FTP nor SSH, so a vulnerability it is.

Most PHP files were modified to include an extra line at the beginning that looks like this (I abridged):

<?php /**/ eval(base64_decode("aWYoZnVuY3R <--- lots and lots of gibberish like this ---> ZW5fNzCB9"));?>

When run in the server, this inserts code to redirect you to the naked ladies.

I assure you that The MKX® is clean… for now. The battle continues.