Machina Memorialis was hacked in the past few days so that all the .php files had an additional line of code added to redirect traffic to a Russian site. Everything’s cleaned up and there’s a snazzy new theme to boot. The code, inserted in the first line of each .php file, begins with the code
php /**/ eval(base64_decode("
I thought I’d share some useful resources which helped me get the blog back to normal with a minimum of pain. First, this YouTube video helped me diagnose my problem.
Simple enough, but I was looking at the prospect of having to manually fix each and every .php file. Hoping for a better solution, I posted the situation to Facebook and George Williams provided a link to the blog post “Possible fixes for recent WordPress hack,”which provides links to Sucuri.net’s post that includes an easy to install and run .php script that will clean up your code. I recommend starting with the link Williams gave me first as it includes some additional useful information.