This weekend there has been a huge attack on websites that are developed using PHP, namely WordPress websites. From the websites I have been monitoring on this issue, right now it’s not really known how the attacker(s) are accessing the PHP files. What is known is that the attack is modifying every PHP file on a server. It appears only websites that are on a shared hosting account are being affected. At this point in time it cannot be said if the attack is targeting websites and accessing them via admin login accounts, ftp accounts, or by direct access to the web servers and running a script to modify every PHP file on that server (This would include all websites on a shared hosting server).

Discovering if your website has been hacked can be done very simple by going to your website, viewing the source file and going all the way to the bottom, right above the </body> tag. If your website has been hacked, you will see a javascript tag with the one of the following URL in it:

//www.indesignstudioinfo.com/ls.php
//zettapetta.com/js.php

If you are using WordPress, logging into your dashboard you will find that it does not display properly. Having your dashboard not displaying properly is a good indication your website has been recently hacked.
If your website has been hacked, there is something you can do about it. You can find directions on how to remove the malware code that has been added to every PHP file on your website by going to http://blog.sucuri.net/2010/05/new-attack-today-against-wordpress.html. There are step by step directions on how to run a script written by Sucuri Security to remove this malware code.

Once you have the code remove, clear the cookies, history and cache saved by your browser. It is not known what information this malware javascript is trying to collect (or what it function is), but clearing these items should keep you safe. You may also want to run your anti-virus software to make sure your computer is clean.
After you have cleaned your browser cache, cookies, and history, you should log into WordPress and change your password. This is just a safety precaution.
I am planning on posting a few security tips for WordPress in the next few days. Come back soon to learn a few steps you can take to help keep your WordPress website safe from being hacked. If you have any questions or if your website has been hacked and what to share how you were able remove the malware, please leave a comment. Sharing knowledge helps to build a safer and more reliable Internet.