Bad code, no flogging for you!

Just a quick word or warning. Looks like a bug in php in use on many different shared hosting sites ( Dreamhost, etc..) may have opened up any wordpress, joomla or other php based site to a drive-by malware downloader.

I noticed something odd on the templates for my wordpress sites and on further investigation, *all* of my websites on dreamhost have been hit. Cleaning and sterilization is in progress.

If you’ve been to my sites in the last couple of days, do a virus scan on your system. It doesn’t look like that payload was successful, but there’s still a chance.

Drop me a note if you have any questions. I’ll post again with a more thorough analysis this evening after I’ve had time to take a look at the actual payload.

If you’re running a php site anywhere, look for a line inserted at the top of all of your .php files that looks something like:

or similar.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.