This weekend there has been a huge attack on websites that are developed using PHP, namely WordPress websites. From the websites I have been monitoring on this issue, right now it’s not really known how the attacker(s) are accessing the PHP files. What is known is that the attack is modifying every PHP file on a server. It appears that only websites on a shared hosting account are being affected. At this point it cannot be said whether the attack is targeting websites and accessing them via admin login accounts or FTP accounts, or gaining direct access to the web servers and running a script to modify every PHP file on that server (which would include all websites on a shared hosting server).
If you are using WordPress, you will find on logging into your dashboard that it does not display properly. A dashboard that does not display properly is a good indication that your website has recently been hacked.
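Because the attack rewrites every PHP file at once, a burst of identical modification times across the site is another sign to check for. The script below is an added example, not part of the original post or Sucuri's cleanup script; the one-hour window, 90% threshold and five-file minimum are assumed values, and `build_sample_tree` only creates constructed test data.

```python
import os
import sys

def php_mtimes(root):
    """Return sorted (mtime, path) pairs for every .php file under root."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                path = os.path.join(dirpath, name)
                found.append((os.stat(path).st_mtime, path))
    return sorted(found)

def mass_modification_report(root, window=3600, threshold=0.9, min_files=5):
    """Find the densest `window`-second burst of .php writes and flag the tree
    when at least `threshold` of all PHP files fall inside it."""
    entries = php_mtimes(root)
    total = len(entries)
    best_count, best_start, left = 0, None, 0
    for right in range(total):
        # Advance the left edge until the span is at most `window` seconds.
        while entries[right][0] - entries[left][0] > window:
            left += 1
        if right - left + 1 > best_count:
            best_count, best_start = right - left + 1, entries[left][0]
    fraction = best_count / total if total else 0.0
    return {
        "total": total,
        "in_burst": best_count,
        "burst_start": best_start,
        "fraction": fraction,
        "suspicious": total >= min_files and fraction >= threshold,
    }

def build_sample_tree(root, mtimes):
    """Constructed sample data: one small PHP file per requested mtime."""
    for i, mtime in enumerate(mtimes):
        path = os.path.join(root, "dir%d" % (i % 3), "file%d.php" % i)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("<?php // constructed sample\n")
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    # Scan the directory given on the command line (default: current dir).
    print(mass_modification_report(sys.argv[1] if len(sys.argv) > 1 else "."))
```

A fresh install or core update produces the same cluster, and modification times can be reset, so treat a positive result as a reason to inspect the files rather than as proof.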
If your website has been hacked, there is something you can do about it. You can find directions on how to remove the malware code that has been added to every PHP file on your website by going to http://blog.sucuri.net/2010/05/new-attack-today-against-wordpress.html. There are step-by-step directions on how to run a script written by Sucuri Security to remove this malware code.
After you have cleaned your browser cache, cookies, and history, you should log into WordPress and change your password. This is just a safety precaution.
I am planning on posting a few security tips for WordPress in the next few days. Come back soon to learn a few steps you can take to help keep your WordPress website safe from being hacked. If you have any questions, or if your website has been hacked and you want to share how you were able to remove the malware, please leave a comment. Sharing knowledge helps to build a safer and more reliable Internet.