Compromised

The malicious code that keeps being inserted to JavaScript files.

After spending a full day fixing sites, upgrading versions and changing passwords I woke up this morning to find another RSOD (Red Screen of Death) from Google on one of my websites and an email in my inbox warning me that my site had been found to be serving “malicious content”.

MediaTemple, the host I’ve been using for a few years now and have come to rely on their service, claimed the hacks have been through the WordPress blogging platform. In the defense of Matt Mullenweg and everyone working on WordPress I’m going to have to disagree. Several of the pages that I’ve had hacked haven’t been WordPress pages but the majority of the attacks have been malicious code placed into the top of .JS (javascript) files, more specifically jQuery and jQuery plugins. Only one of the attacks I’ve had to fix in recent days has been a MySQL injection attack, obviously due to an outdated version of WordPress used on the clients site, the rest have been JavaScript pages hacked.

I’ll post more as I find out more information but for now, this newest attack has been cleaned up and everything locked down again.