Guess there's a vulnerability in WordPress. Tech support called it a php injection attack.
Code injection – Wikipedia, the free encyclopedia
Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by an attacker to introduce (or "inject") code into a computer prog…
Google+: View post on Google+
5 thoughts on “So it appears my web sites were hacked”
Oh yeah. Code/SQL injection is one of the easiest and most popular ways to take over a site, and even the server as a whole. Check out the CERT site for advisories about vulnerabilities and of course, always stay up to date on security releases for software you run (not only on a server). http://www.us-cert.gov/cas/techalerts/index.html Search for WordPress you'll see quite a bit of scary stuff. The effed up thing is the attacker probably used automated software that found your site, instead of specifically targeting you. Hope you didn't lose much.
We'll see. I'm waiting for the webhost to provide backup files and I'm trying to redirect to a generic page until I get things cleaned up. As long as my blog data base isn't messed up, I should be good – just slow.
Oh, no! What does that mean? they have our info or they were messing or stealing content?
They basically made all our sites a single page saying "Hacked by SO-n-SO" with a couple of images and some other text. In the end, I just had to replace the corrupted file (wp-config.php) with a good copy. So everything is back to normal.
I'll have to do some research to make sure we're not still vulnerable but since the attack was automated (someone ran a computer script) I doubt we'll be hit again any time soon.