I want to shout out Mouseclone for letting me know there was a problem with this site. I was contacted on Friday about an alert that was raised to him that I had a possible iframe hijack on my site. Not really knowing what he was talking about I quickly scanned my source code for the exact iframe source that he provided. Not finding anything I dismissed it as many users of SocialSpark visit me and he possibly confused me with someone else.

 I did find today that in fact a database injection had been done and the iframe was there. My mistake was that I only hit the home page and the iframe was on the previous page. The iframe source refers to 61.155.8.157 and after some examination of the obfuscated JavaScript, redirections were discovered. I’ve contacted the server abuse department and will follow up if these people are not shut-down.

Welcome to the interwebs. This is the second time I have been hijacked in the same way. This is a new theme that I have gone through and can not find malicious php code, and since it’s in the admin section I can only assume that it’s a Wordpress security problem. This however is the second time I’ve found hijacked stuff in my database!

While I have gone through every line of code in both this theme and the access logs for this site I can not find how this is happening. Which make me very cranky as it’s happening.

My apologies to anyone who has gotten alerts. Systems are in place to track and prevent these from happening anymore. I hate Wordpress 2.5 (I just set up a site using it) but if it’s a 2.3 problem I’ll have to upgrade.

Tags: hijack, JavaScript, SocialSpark