This past weekend (and again today), CWDG and every other blog I run was hacked. I’m still sorting all of this out and it’s an absolute nightmare. Seriously, I was *this* close to just closing down everything. My feelings haven’t changed all that much since then.
For now, it seems to be okay, but I’m still looking for the backdoor (how the hacker accessed my site). I’ve done the basics like totally reinstalling wordpress, installing anti-virus on the blogs, adding a tighter security plugin, etc. I’ve scanned my own computer (which runs on Linux) for viruses (it’s clean), and have scanned CWDG with five or six online scanning services (all of which show it as clean). I also subscribed to the (probably BS) security scanner offered by my hosting service for $5 a month. Also, anyone that had a login account on CWDG – you now do not. Just covering bases here, and I apologize for the problems.
For those who want to know, the hacker placed a base 64 decode script in my themes’ index.php files. This would normally go undetected, but apparently the CWDG’s theme index page is so poorly written that the virus broke it and alerted me that something was up.
Again, I think I might have fixed it for now. I also have to fix the two other blogs that I run. Technologically, I’m in way over my head, so I don’t really know what I’m doing here.
Worst of all, I had to skip a day of writing to do this. Needless to say, I am really REALLY not happy.
Thank you to the several people who emailed me about this. It was a really big help. I appreciate it.