Banana Munki

My website was hacked. A piece of code generating an invisible iframe linking to a website containing badware had been inserted into some files. I figured it out after I attempted to access my website using Firefox which warned me that the website I was trying to view was hosting files that could be harmful to my computer and gave the choice to either get me out of there or ignore the warning.

You can guess how fun that was.

I do regularlly backups so nothing was lost but I, being the busy full-time mother I am; had to change passes, create a new database and do a clean install of WordPress as well as do some reading and tweaking on how to secure a WP installation.

I found the code, that looked something like this:

It was inserted in the current theme in files such as the footer.php and the header.php as well as all index.php files in my installation of WordPress: /wp-admin/index.php, /wp-content/plugins/index.php, and so on. Also in these: /wp-includes/default-widgets.php and /wp-includes/default-filters.php.

Having done the best I (currently) know how to make my website more secure I requested a review of my website by Google through Webmaster Tools and since I now am able to access my website without any warnings it validates (I’ve rid the badware) and hopefully prevented further intrusion.

UPDATE–
Googling the issue I found the suggestion that a virus enters your computer through a torrent program and gets access to a website when you use an FTP program. I use uTorrent and FileZilla so I don’t smash that theory.

I made it real simple for myself and Googled for a List of Ping Services to add to the Update Service (Settings/Writing) integrated into my self-hosted WordPress. Smart choice for a stressed stay-at-home mom to build ground for reading circle. However, as suggested at Daven.se I use the Smart Update Pinger plugin at Prelovac.com to handle the pinging because it sends pings only when publishing posts and not when editing. Since pinging the same posts several times could get your website banned from ping sites.

I found the list at DailyBlogTips. You can view it there.

My computer has been infected with badware. The symptoms lead me to investigate; My computer had slowed down dramatically, it took longer than usual to reboot, the Internet connection was unusually slow and the set homepage in the browser switched. I started checking my list of installed software and came across something that to me was unknown; RelevantKnowledge, which I through Googling found was a spyware.

I ran into this 411 on how to get rid of RelevantKnowledge which I found useful. I also used my spyware scanner (called SpyHunter) and I think I managed to get rid of RelevantKnowledge. Yippi!