Tag Archives: php

Quasi-daily linkage

WordPress PHP injection?

I just found a creepy case of injection in my index.php file. I noticed this morning that my homepage was throwing a “headers already sent” message pointing to index.php, line 10 when it wasn’t cached by Supercache. A reload of the page cleaned it up. But my RSS feed (which currently goes through Feedburner) was also trashed, and /feed wasn’t redirecting. All with the same error. Disabling Supercache fixed the homepage warning, but not the feed.

Being PHP awesome, I checked index.php for trailing whitespace, and found this snippet of code above the standard WordPress code:

That’s a problem. That forum file is, as you might expect, a crap ton of links and some JavaScript.

A few things to note:

  1. My SSH/bash history is complete and untouched. That is, I can see back for weeks, and all the commands are mine. So it doesn’t seem to be that sort of break-in.
  2. I just upgraded to WP 2.9.2 yesterday through the admin console. Likely culprit? Probably.

Can’t say for sure what it was, since I didn’t do more than a cursory check after I upgraded. The homepage would have been cached, so I wouldn’t have seen the warning there.

I suppose I should report this.