If you visited The MKX® today and was redirected to a hardcore porn website… you are welcome. However, I must admit this wasn’t me making a quick buck by getting into a new business venture (not yet, anyway). This was me getting hacked.
It happened again, around 5 AM. I keep WordPress and all plugins up to date, and yet somehow a malicious attacker found a vulnerability on something I use in the site. I verified my logs and they didn’t gain access through FTP nor SSH, so a vulnerability it is.
Most PHP files were modified to include an extra line at the beginning that looks like this (I abridged):
<?php /**/ eval(base64_decode("aWYoZnVuY3R <--- lots and lots of gibberish like this ---> ZW5fNzCB9"));?>
When run in the server, this inserts code to redirect you to the naked ladies.
I assure you that The MKX® is clean… for now. The battle continues.
It looks like it was done through a security flaw in tinymce, a WYSIWYG text editor used by zenPHOTO, the photo gallery software I use extensively. Google blacklisted me (the horror!) but after I cleaned things up (or rather, Moi did) I can be visited again without raising any flags.
The extent of the damage is still unknown. So far I know that
The hack occurred on 2011-11-07 at 18:48.
Every .htaccess in my sites were injected with malicious redirects. Moi got rid of them. Here’s one sample .htaccess file (as text).
A malicious file class.images.php with obfuscated code was created somewhere inside the zenPhoto installation. I have no desire to reverse engineer it. Here’s the link to the file (as text).
An empty index.php file was created next to it.
Looks like I have quite a bit of work ahead of me. Those damn russian hackers! More info here.
As you know, I bought the Smart Cover for my iPad 2. It’s really slick but it has one problem: It does not protect the back of the iPad. I like taking my iPad from one place to another and put it down on hard surfaces: the kitchen table, the tile floor next to the toilet kitchen table, etc.
I really liked the original iPad’s Apple Case because it protected the back well enough so that I’m not scared of scratching the aluminum back. Until I can find a suitable replacement, I found a $3 stop-gap solution: