WordPress (PHP) security compromised: eval base64_decode

Due to the security of WordPress being compromised, I'll be migrating the blog content to a custom platform.

The main site may appear as a blank page periodically until the issue is resolved.

If you're encountering the eval(gzinflate(base64_decode())) issue in WordPress, here's a great article to help you in your struggle:

http://www.gregfreeman.org/2013/steps-to-take-when-you-know-your-php-site-has-been-hacked/

Thanks Greg!

And if you're feeling bold, this article has the command to remove all occurrences of the offending injected script:

http://devilsworkshop.org/remove-evalbase64decode-malicious-code-grep-sed-commands-files-linux-server/

The solution does require basic knowledge of Unix commands & shell access to your hosting account (or a Linux environment to run the commands on before re-upload).

Thankfully, I am using a version control system on most of the site files & it is relatively simple to correct any files that are maliciously modified. If you are having the same issue, I highly recommend you look into using Git or some other system to be able to compare the history of your source files.
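
An added example, not from the original post or the linked articles: a read-only shell scan that lists PHP files containing the `eval(gzinflate(base64_decode(` or `eval(base64_decode(` pattern, plus a Git check for tracked PHP files that differ from the last commit. The function names, the regular expression and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only detection, no file is modified.

# eval( [gzinflate(] base64_decode(  with optional whitespace between tokens.
INJECT_RE='eval[[:space:]]*\([[:space:]]*(gzinflate[[:space:]]*\([[:space:]]*)?base64_decode[[:space:]]*\('

# Print every PHP file under directory $1 that contains the pattern.
find_injected_php() {
    find "$1" -type f -name '*.php' -exec grep -lE "$INJECT_RE" {} + | sort
}

# Print the line numbers of matching lines in file $1, for manual review.
injected_lines() {
    grep -nE "$INJECT_RE" "$1" | cut -d: -f1
}

# In a Git work tree $1, list tracked PHP files that differ from the last
# commit: candidates to inspect with "git diff" and restore.
changed_php_in_git() {
    git -C "$1" diff --name-only HEAD -- '*.php'
}

# Constructed sample tree: one clean file, one file with a placeholder
# injection, and a non-PHP file that must be ignored.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-content/themes"
    printf '%s\n' '<?php' 'echo "hello";' > "$d/index.php"
    printf '%s\n' '<?php eval ( gzinflate(base64_decode("CONSTRUCTED_PLACEHOLDER")));' \
        '// rest of the theme file' \
        'echo base64_decode("aGk=");' > "$d/wp-content/themes/header.php"
    printf '%s\n' 'eval(base64_decode("x")) mentioned in notes' > "$d/notes.txt"
    echo "$d"
}

# Usage: sh scan.sh /path/to/site
if [ -n "${1:-}" ]; then
    find_injected_php "$1"
fi
```

A plain `base64_decode(` call without `eval` is not reported, so legitimate uses of the function do not show up in the output.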

JoeJiko.com priority update list for week of 7/17

Primary objectives

  • find and install an AJAX/PHP, database-driven poll system

  • integrate Facebook or Twitter into photos system

  • install & configure YOURLS for site hosted short urls

  • add profiles section of site (quick linking to my social profiles)

  • rearrange homepage to include photos


Secondary objectives

  • slightly different favicon for blog, photos, and ask sections of the site

  • enlarge primary social icons (Facebook, Twitter) on the homepage and add Google profile link

  • remove www from blog site by default

  • rethink and rewrite "about" sections


Ongoing

  • update blog theme to reflect overall look & feel of JoeJiko.com

  • allow login with Google and Facebook

    • develop system for logged in users to upload photos to the gallery (such as fan art and signs)

  • sketch mockup for "joe jiko friends" and "joe jiko fans"


Theoretical/Distant future

  • integrate gallery with blog

    • post to WordPress when new photos are uploaded


That should be enough for now. I'll revisit my priorities next Friday the 22nd. TGIF!