Website hacked

daveinfukuoka · 2007-06-06 14:42:53 UTC

I just got this e-mail from Feedburner:

Hello,

I’m afraid you may have quite a serious issue on your hands. Every page
on your site from your front page at http://www.samuraisoapbox.com/ to
your very first article at
http://www.samuraisoapbox.com/2006/06/27/thank-you-nathan/ contains a
very large block junk links appended to the end of every page. Do view
source in your browser to see it at the bottom of everyone one of your
pages. Your feed is no different and has this same block of junk added
to it, making it invalid. I’m afraid your wordpress installation may be
hacked and that is what is adding this junk to all your pages. You
should contact your hosting provider and/or wordpress support immediately
to work with them on removing this junk from your site.

Please help! What do I do??

scjessey · 2007-06-06 14:52:47 UTC

Check your email. You should have an email from DreamHost about this issue. This is a known problem, and DreamHost are taking steps to remedy the situation. If you have not received the email, contact DreamHost’s Abuse department.

si-blog | Keystone Websites
Save $97 on yearly plans with promo code [color=#CC0000]SCJESSEY97[/color]

daveinfukuoka · 2007-06-06 15:40:40 UTC

Yep, got the e-mail.

We have detected what appears to be the exploit of a number of
accounts belonging to DreamHost customers, and it appears that your
account was one of those affected.

We’re still working to determine how this occurred, but it appears
that a 3rd party found a way to obtain the password information
associated with approximately 3,500 separate FTP accounts and has
used that information to append data to the index files of customer
sites using automated scripts (primarily for search engine
optimization purposes).

I was running the all in one seo pack plugin. Did this have anything to do with it?

scjessey · 2007-06-06 15:43:49 UTC

No. I don’t use any third-party software, and I still got hacked.

si-blog | Keystone Websites
Save $97 on yearly plans with promo code [color=#CC0000]SCJESSEY97[/color]

daveinfukuoka · 2007-06-06 15:49:27 UTC

Ok, so that is good. What do we do next, because I have no clue. Complete noob!

scjessey · 2007-06-06 16:31:18 UTC

Change your passwords. Restore your website(s) from your backups.

si-blog | Keystone Websites
Save $97 on yearly plans with promo code [color=#CC0000]SCJESSEY97[/color]