Hacked !

Eeek, I’ve been hacked. This morning I received a helpful e-mail from Google, an extract:

We recently discovered that some of your pages can cause users to be
infected with malicious software. We have begun showing a warning page
to users who visit these pages by clicking a search result on Google.com.
Below are some example URLs on your site which can cause users to be
infected (space inserted to prevent accidental clicking in case your
mail client auto-links URLs):


A quick look through the source reveals some dubious looking iframes (so that’s what NoScript has been bitching about, I thought it was just the new 2.5 wordpress code.)

I’ve cleaned up the code, deleted the bogus user, and changed some settings to help prevent this in the future. I’m running the latest WordPress code so I imagine this happened after I updated to 2.5 and before I applied the 2.5.1 security fix. I doubt it’s been around longer as I would have seen the warnings from noscript.

Anyroads, if you browse the site without virus protection from Internet Explorer then you’re an idiot — but you might want to consider getting your computer checked out anyway.

Sorry for the inconvenience.

Damn hackers.

Comments are closed.