There are days, that the interwebs suck dynamically placed, interactive Donkey Balls. Yesterday, was one of those days.
Google alerted me late in the day on Friday, meaning I didn’t see it until I checked my email a mere 30 minuted before my scheduled 50 mile ride. I fumbled about a bit, did several full searches of my blog database and found nothing. Then I started scanning the code of the pages that Google was reporting as infected. Still nothing. I made a few changes, thinking maybe it was in error – and requested a review, then went for my ride.
Well, it wasn’t an error, and Google showed me a couple more pages, one of which led me directly to my swfobject files that had been injected with the poopy code. So off I went to download the latest version of swfobject, and to rewrite all of my static Flash pages to use the new code file. Whew. With that done, I went back in a started looking at my admin setting for the blog. I had been allowing everyone who wanted to register to do so, and come to find out, I’m guessing through a hole in WordPress, someone was able to make themselves an admin. Well, not for long, and now I’ve locked it down, and only a handful of users remain. If you were one of the folks I deleted, my apologies, please let me know and I would be more than happy to sign you up again, although you do not need to be a registered user to sign up for updates if that’s all you really want.
The final mistake I made was allowing the blog directory to be written to. This is a total n00b mistake, and I’m not sure when I did this or why – so in some respects I deserve what I got, and I’m lucky it was pretty simple to fix.