Purely by accident, I discovered that a website I run for Balerno Community Council was returning some unpleasant hidden content every time any of its pages was accessed. The content – a list of links to dodgy pharma etc websites – was invisible to browsers, but was only too visible to search engines.

The hack was cleverly done – the list of sites was concealed from casual inspection of the code by using the base64_decode function in php. The hacked file – footer.php – had the same date and timestamp as the rest of the WordPress files, so either the hack has been there since my last upgrade in March, or the hackers have gone to some lengths to hide their traces.

So, if you run a WordPress site – try a View -> Source in your browser – you may get a nasty surprise. The latest WordPress version is 2.8.2…

This entry was posted on Tuesday, July 21st, 2009 at 8:40 pm and is filed under Open-source. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.