Less than a week ago, the http://rubenerdshow.com and http://rubenerd.com/ Wordpress installations were compromised by a code injection attack. When a user navigated to any pages under those addresses, within a few seconds they’d be redirected to a website hosted in China which contained links to malicious Windows software.
This was a serious breach of security, and I sincerely apologise to all my Windows Internet Explorer readers and listeners. I am inching ever closer to finishing my own homebrew content management system so I can get off this Wordpress software once and for all. Unlike Wordpress, Ruben.rb uses secure hashes for all content including posts, uploaded media and theme files. If a particular media file or database entry does not explicitly match the stored hash and last approved modification time, the presentation of that media is halted without exception and I’m emailed.
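The hash-and-mtime check described above, written out as an added example (this is not Ruben.rb's code, which is not on the page): a manifest of approved SHA-256 digests and modification times is built once, and every request path re-verifies the files against it, refusing to serve and firing an alert callback on any mismatch. The manifest layout, the SHA-256 choice, the `serve_if_intact` helper and the constructed files in a temporary directory are all assumptions for the demo.

```ruby
require 'digest'
require 'tmpdir'
require 'fileutils'

# Build the approved manifest: relative path => { sha256, mtime (epoch seconds) }.
# In a real deployment this would be stored somewhere the web process cannot write.
def build_manifest(root, paths)
  paths.each_with_object({}) do |rel, manifest|
    full = File.join(root, rel)
    manifest[rel] = {
      'sha256' => Digest::SHA256.file(full).hexdigest,
      'mtime'  => File.mtime(full).to_i
    }
  end
end

# Re-check every approved file. Returns an array of findings; empty means intact.
# Hash mismatch is reported before mtime drift, since content change is the worse signal.
def verify_manifest(root, manifest)
  manifest.each_with_object([]) do |(rel, expected), findings|
    full = File.join(root, rel)
    unless File.file?(full)
      findings << { path: rel, reason: :missing }
      next
    end
    actual = Digest::SHA256.file(full).hexdigest
    if actual != expected['sha256']
      findings << { path: rel, reason: :hash_mismatch }
    elsif File.mtime(full).to_i != expected['mtime']
      findings << { path: rel, reason: :mtime_changed }
    end
  end
end

# Serve only if everything verifies; otherwise halt and call the alert hook
# (the post's version emails the author; here the hook is injectable for testing).
def serve_if_intact(root, manifest, alert: ->(f) { warn "ALERT: #{f.inspect}" })
  findings = verify_manifest(root, manifest)
  return :served if findings.empty?
  alert.call(findings)
  :halted
end

# Demo on constructed files: a clean run, a content change, and an mtime-only change.
def demo
  alerts = []
  Dir.mktmpdir do |dir|
    FileUtils.mkdir_p(File.join(dir, 'theme'))
    FileUtils.mkdir_p(File.join(dir, 'uploads'))
    File.write(File.join(dir, 'theme', 'header.php'), "<html><head><title>blog</title></head>\n")
    File.binwrite(File.join(dir, 'uploads', 'logo.png'), "\x89PNG\r\n\x1a\nconstructed bytes".b)

    paths = ['theme/header.php', 'uploads/logo.png']
    manifest = build_manifest(dir, paths)
    collect = ->(findings) { alerts.concat(findings) }

    clean = serve_if_intact(dir, manifest, alert: collect)

    # Simulate an edit to the theme header (a constructed marker line, not a real payload).
    File.open(File.join(dir, 'theme', 'header.php'), 'a') { |f| f.puts '<!-- constructed: unapproved line -->' }
    tampered = serve_if_intact(dir, manifest, alert: collect)

    # Same bytes, but the approved modification time no longer matches.
    older = Time.at(manifest['uploads/logo.png']['mtime'] - 3600)
    File.utime(older, older, File.join(dir, 'uploads', 'logo.png'))
    touched = verify_manifest(dir, manifest).map { |f| [f[:path], f[:reason]] }

    { clean: clean, tampered: tampered, reasons: alerts.map { |f| f[:reason] }, touched: touched }
  end
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Checking the mtime as well as the hash catches the case where a file was rewritten with identical bytes or restored from an unapproved copy; the hash alone would pass it. Both checks together only hold up if the manifest itself lives outside anything the web application can modify.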
In the meantime on Wednesday I wiped every single Wordpress file from my webserver, installed Wordpress fresh and restored the database entries from my backups. I’m confident I killed the exploit by just deleting the inserted meta refresh code from the wp-theme-header.php file and deleting the malicious JavaScript file, but I decided absolutely not to take any chances.
Thanks again everyone, and special thanks to Dave Wares, iRodrigo, Kaede Yoshimatsu and Michael Hooper for alerting me to the problem.