If you visited The MKX® today and was redirected to a hardcore porn website… you are welcome. However, I must admit this wasn’t me making a quick buck by getting into a new business venture (not yet, anyway). This was me getting hacked.
It happened again, around 5 AM. I keep WordPress and all plugins up to date, and yet somehow a malicious attacker found a vulnerability on something I use in the site. I verified my logs and they didn’t gain access through FTP nor SSH, so a vulnerability it is.
Most PHP files were modified to include an extra line at the beginning that looks like this (I abridged):
<?php /**/ eval(base64_decode("aWYoZnVuY3R <--- lots and lots of gibberish like this ---> ZW5fNzCB9"));?>
When run in the server, this inserts code to redirect you to the naked ladies.
I assure you that The MKX® is clean… for now. The battle continues.