I think I had my website and Wordpress blog hacked by someone using the script below:
<snip>
Is there any way to prevent this in future?
Thks
too bad the javascript got removed, as i love analysing these things… i guess the javascript (which was most likely injected through a exploit) triggered another attack - on your visitors…?
backdoors and malicious code use to be hidden and embedded to other legal files, and the plugin folder is a popular place to store these things…
I didn’t decode it, but that script does look malicious. Assuming it is, it’s what the hackers chose to put on your site after they hacked and got into it. But the script isn’t what hacked the site. They got in some other way.
Is there any way to prevent this in future?
- Keep viruses off the PC that you manage your website from. Use a good antivirus program.
- Use long random passwords, not dictionary words.
- When a new version of WordPress is released, install it immediately. http://wordpress.org/download/
There are a few big hosting companies that have suffered repeated mass attacks on WordPress and other applications in the past couple of months, even when good security practices were being used by the webmasters and the software was up to date. Those hosting companies are presumably actively working on fixing the problem, but don’t assume your problem is with your hosting company until you have brought all your own security into line with best practices.
Thanks. I have cleaned out the directories and done some due diligence. Appreciate your reply.