Contact
LifestreamSilent Nation got attacked by some sort of worm or exploit last night. Don’t know if it is Wordpress specific or not. The details are described by other users so there is no point reiterating the whole thing.
Basically, and as far as I can tell, it attacks files chmodded 666 or better on the server. So that would basically be within the wp-content folder in the case of Wordpress. At least it seems contained to that folder. The code is inserted at the end of files, only PHP and HTML files presumably and designed not to break the code, but it may do so anyway due to headers being mashed up in PHP.
The end result is that the user is sent illicit videos among other things from what seems to be porn sites. The wmv that I got didn’t play though (in MPC) so there is a possibility that they too are some sort of exploit.
Code example with PHP:
[php]if (!defined(’domainstat’)) { define(”domainstat”, “ok”); echo ““;}[/php]In the end I only had to restore the template files and one plugin settings file. But annoying nevertheless.
