Hey guys, just to inform you what’s been happening today – we had a security incident, where hacker/script preformed a PHP injection into our header file, injecting some spammy content. Fortunately, the malware has been removed now, and some additional security modifications have been installed. However, google and firefox automatically blocked our site for 24 hours, giving warning about the malicious code that was present few hours ago. I’ve submitted the re-inclusion proposal, so the blockage should be lifted in next few hours, when their bots check the site again and see it has been fixed. Just to clarify that our site is safe, and no malware is residential here.
But the problem that buggs me the most, is how the hell the code got auto-injected in the first place??!! If you are an expert in the field of security/wordpress/databases/php please send me an email vurdlak AT gmail.com if you have spare minutes to help. Will keep you updated…
