I haven’t posted anything this whole month because one of my servers got hacked and I’ve spent the last three week working on a new plugin to scan and remove malicious software from my server.
It wasn’t enough for me to just remove the hack. I had to make sure it wouldn’t come back and because it was such a widespread exploit I thought it would be good to release a plugin for other website admins to check their site for themselves.
I looks like my infestation of nasty scripts came in through a vulnerability in an older version of timthumb.php. Apparently any version older that 2.0 can be used to place a file on the server. If that file is a back-door of some kind then the person who put it there could have full access to your server.
I’m still testing and working out the kinks in my security scanner but it should be ready soon…