“My fellow Americans. I’ve signed legislation that will outlaw Russia forever. We begin bombing in five minutes.”
It was only a question of time — but still strange when it happens and your server gets hacked.
Quite annoyingly, given that I did not have the time to try to understand the attack method, I nuked one of my sites. Wanted to kill it anyway, so no loss. The problem if a newly created blog (themobilescientist) is too close the your main blog — the new blog does not really have a chance long term. And it was time to kill arkofideas too. So I removed that too.
Still, leaving encoded files that run php code — not nice. And not what I needed at the moment.
Hmm, given that I do not have the time to check each blog entry (no ideas what they did during the meantime), if you notice anything strange, please leave a comment.
BTW, yup attack came from Russia — one of the nicer aspects of log files and IP addresses.
To quote No Agenda: “PUUUUUUTIIIIIIIIIIIIN!!!!!!!!!!!!!!!”
Damn, they did bury a few files quite deeply. Didn’t have to search for them, just listen to requests from that particular IP address — leads right to the files. From quite openly lying in wp-content to files in /wp-includes/js/tinymce/plugins/wpeditimage/ to files in /wp-content/plugins/nextgen-gallery/pope/ — and three different file names. This really sucks.