{"id":160,"date":"2012-03-09T11:08:22","date_gmt":"2012-03-09T16:08:22","guid":{"rendered":"http:\/\/www.dreamlandvisions.com\/photoblog\/?p=160"},"modified":"2012-03-09T11:08:22","modified_gmt":"2012-03-09T16:08:22","slug":"bad-code-no-flogging-for-you","status":"publish","type":"post","link":"http:\/\/www.dreamlandvisions.com\/photoblog\/2012\/03\/09\/bad-code-no-flogging-for-you\/","title":{"rendered":"Bad code, no flogging for you!"},"content":{"rendered":"<p>Just a quick word or warning.  Looks like a bug in php in use on many different shared hosting sites ( Dreamhost, etc..) may have opened up any wordpress, joomla or other php based site to a drive-by malware downloader. <\/p>\n<p>I noticed something odd on the templates for my wordpress sites and on further investigation, *all* of my websites on dreamhost have been hit.  Cleaning and sterilization is in progress.<\/p>\n<p>If you&#8217;ve been to my sites in the last couple of days, do a virus scan on your system.  It doesn&#8217;t look like that payload was successful, but there&#8217;s still a chance.  <\/p>\n<p>Drop me a note if you have any questions.  I&#8217;ll post again with a more thorough analysis this evening after I&#8217;ve had time to take a look at the actual payload.<\/p>\n<p>If you&#8217;re running a php site anywhere, look for a line inserted at the top of all of your .php files that looks something like: <\/p>\n<php? eval(base64_encode { bunch of base64encoded data } \/php>  or similar. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Just a quick word or warning. Looks like a bug in php in use on many different shared hosting sites ( Dreamhost, etc..) may have opened up any wordpress, joomla or other php based site to a drive-by malware downloader. I noticed something odd on the templates for my wordpress sites and on further investigation, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[3],"tags":[],"class_list":["post-160","post","type-post","status-publish","format-standard","hentry","category-photography"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p4TCw3-2A","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"http:\/\/www.dreamlandvisions.com\/photoblog\/wp-json\/wp\/v2\/posts\/160","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.dreamlandvisions.com\/photoblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.dreamlandvisions.com\/photoblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.dreamlandvisions.com\/photoblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.dreamlandvisions.com\/photoblog\/wp-json\/wp\/v2\/comments?post=160"}],"version-history":[{"count":0,"href":"http:\/\/www.dreamlandvisions.com\/photoblog\/wp-json\/wp\/v2\/posts\/160\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.dreamlandvisions.com\/photoblog\/wp-json\/wp\/v2\/media?parent=160"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.dreamlandvisions.com\/photoblog\/wp-json\/wp\/v2\/categories?post=160"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.dreamlandvisions.com\/photoblog\/wp-json\/wp\/v2\/tags?post=160"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}