Fortunately for us, our Web host Doreo quickly identified the cause and fixed that vulnerability within a few hours. This time the cause and the fix were a little harder to suss out.
We ended up paying Code Garage to scan our site and remove the malicious code. They pointed the finger at TimThumb, a WordPress utility that automatically produces thumbnail images for site landing pages. Last August, a zero-day vulnerability affected TimThumb that allowed hackers to execute their PHP code on any site that was running it. As it turns out, the WordPress theme we bought for the site employs pieces of TimThumb code – including the flaws that were exploited.
Now we have to wait for the spammy search results to evaporate from Google’s cache before everything returns to normal.
Why did hackers do this? Odds are eSarcasm was simply part of a bundle of redirected traffic that was bartered on underground exchanges for a few pennies per page view, says Paul Henry, security and forensics analyst for Lumension, an endpoint management and security firm.
Even if you religiously update your WordPress installation (and we’re generally pretty good about that) you may be vulnerable thanks to some easily hackable plug in, says Henry.
“My best recommendation for keeping your site secure is to gain tight control over any extensions for your WordPress installation and disable any you don’t truly need,” he says. He also suggested hiring an outside firm to periodically scan the site and validate each page several times a day.
Henry said the hacking problem is so insidious and pervasive even well-known tech security pros have fallen victim, much to their embarrassment. I asked Henry if it had happened to him.
“To date I have not been embarrassed,” he says. “I’ve been lucky.”
Wish we could say the same.
Got a question about social media? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Visit his snarky, occasionally NSFW blog eSarcasm or follow him on Twitter: @tynan_on_tech. For the latest IT news, analysis and how-to’s, follow ITworld on Twitter and Facebook.
|esarcasm viagra hack cropped 600p.png||128.08 KB|