For the second time in two years, Dan Tynans website, eSarcasm.com has been hacked, this time with code that redirected referrals from Google, Yahoo and other search engines to Viagra ad sites. After conducting a thorough security review with Code Garage.com, an online security scanning website similar to Securi, they discovered that the point of entry was with the zero-day Timthumb vulnerability discovered back in August of 2011.
Last August, a zero-day vulnerability affected TimThumb that allowed hackers to execute their PHP code on any site that was running it. As it turns out, the WordPress theme we bought for the site employs pieces of TimThumb code — including the flaws that were exploited.
Now we have to wait for the spammy search results to evaporate from Google’s cache before everything returns to normal.
Be sure to read the tips that Dan and his security adviser provides on protecting your site. Despite the vulnerability being patched soon after its discovery, sites are still becoming compromised. Because of the long tail effect and so many websites using WordPress these days, who knows when this point of entry will stop being taken advantage of.
I guess this will be happening a long time into the future.
Thanks for the link to http://codegarage.com/, I hadn’t heard of them before. Looks like an interesting service, although the “backups kept for 30 days” business seems a bit crappy. I’d want access to much older backups in case I didn’t notice a problem for more than 30 days (entirely possible if something subtle was altered).