I thought I better add the “(unrelated)” into the post title before I get a flame about WordPress having nothing to do with this. Just reporting two unrelated things in a single post! 🙂
Wordress 2.2.3 was released over the weekend. I guess it won’t be long before the finished 2.3 release, but for the moment it’s just bug fixes of 2.2.x.
- The code was written as a single line. I never write code like that. If it isn’t neat and indented properly it doesn’t make it to my site.
- The modification was done yesterday. I didn’t log on to a PC all day!
I checked the contents of my content management system and the offending line of code wasn’t there, so it had been added by someone or something else!
I would be interested to know if anyone else saw got any AV messages when accessing my site over the last 24 hours. Hopefully not!
Update: It seems the file I fixed yesterday has been compromised again. I contacted my hosting provider and they claim there is nothing wrong on the server. They believe this additional line is being added manually, or via an exploit on my site. I’ve fixed the file again and changed every password I can ever remember having. I’ve now got to try and identify anything on my site that could possibly be exploited. Bummer!
Of course, if this is down to WordPress or phpBB I’m in trouble!