How My Site Was Hacked

So in case anybody cares, what happened was that I apparently have a theme that got hacked. It appears that a theme called super blogger had a helper.php file in its images directory, which allowed files to be posted into that directory.

Using that uploaded file, extra code was added to my functions.php file in my standard theme which opened a backdoor and gave free rein.

Many thanks to Alex McKee who helped me track things down.

I recommend reading this post from Dave Meehan for more detail.

FYI, a couple things that should have clued me in (which I’ll look for in the future). First, I started getting an error on my admin console about extra data sent before the headers. I stupidly went into functions.php and fixed it (even working with 8Bit support) without noticing the added code. Second, in the source to my pages, there was a misspelled “Wordpres Counter.” That should have clued me in as well.
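Added example, not part of the original post and not code from any theme or plugin: a small Python audit for the three signs described above, namely PHP files sitting in a theme's image directory, a functions.php that no longer matches a recorded hash, and the misspelled marker in rendered page source. The directory names, the baseline format and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

IMAGE_DIRS = {"images", "img"}  # assumption: folders that should never hold PHP
MARKER = "wordpres counter"     # misspelled string quoted in the post, lowercased

def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def php_in_image_dirs(themes_root):
    """Relative paths of PHP files sitting under any image directory."""
    hits = []
    for dirpath, _dirs, files in os.walk(themes_root):
        parts = os.path.relpath(dirpath, themes_root).lower().split(os.sep)
        if IMAGE_DIRS.intersection(parts):
            hits += [os.path.relpath(os.path.join(dirpath, f), themes_root)
                     for f in files if f.lower().endswith((".php", ".phtml"))]
    return sorted(hits)

def changed_files(themes_root, baseline):
    """Baselined files whose SHA-256 differs now, or that have gone missing."""
    changed = []
    for rel, digest in baseline.items():
        path = os.path.join(themes_root, rel)
        if not os.path.isfile(path) or sha256_of(path) != digest:
            changed.append(rel)
    return sorted(changed)

def marker_in_page(html):
    # Check the rendered page source, since injected code may build the string at runtime.
    return MARKER in html.lower()

def demo():
    """Run the file checks on a constructed theme tree (not real site data)."""
    with tempfile.TemporaryDirectory() as root:
        funcs = os.path.join("standard", "functions.php")
        files = {os.path.join("super-blogger", "images", "helper.php"): "<?php // constructed\n",
                 os.path.join("super-blogger", "images", "logo.png"): "png",
                 funcs: "<?php // theme setup\n"}
        for rel, body in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(body)
        baseline = {funcs: sha256_of(os.path.join(root, funcs))}  # recorded while clean
        with open(os.path.join(root, funcs), "a") as fh:
            fh.write("// constructed stand-in for appended code\n")
        return php_in_image_dirs(root), changed_files(root, baseline)
```

On a real install, point `php_in_image_dirs` at `wp-content/themes` and record the baseline hashes right after a known-good theme install or update.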

2 thoughts on “How My Site Was Hacked”

  1. FWIW, your current theme doesn’t work with JS turned off (as is the case in my Thunderbird), it says something about Mobile Safari’s scripting being off. Take your time, though, it sounds like you have bigger issues to worry about at the moment; I can hack my way around it with adblock plus for now (… which amusingly I use more for stripping blog posts of excess UI elements than ads).