I’m still sorting out the details of the hack but what I’ve gathered so far is that the hacker was able to overwrite the theme I have selected.  I believe that this is a wordpress vulnerability, but I’m looking into the posibility that it may not be.

After a quick search, another site was hit with the same exact hack.  He is also using WordPress, but he also uses the same hosting service.

The hack read “Security Z3ro” and had a weird picture (guessing middle-eastern) and played a RealMedia clip named es350.ram.  The biggest security issue was the image that it displayed.  For those of you who aren’t webmasters, any time you download anything from the internet, whether it’s a file, web page, image, movie, picture, etc, your IP address is recorded on the server.  This is done usually for statistical purposes.  But for someone who wants to wreck havoc, an IP address can be used to compromise your personal computer.

I’m guessing that the hack was taking advantage of a WP vulnerability since the attack only compromised the themes.  Upon inspection of the theme files, I noticed one of them was updated recently:

Pay particular attention to index.php.  Note the utime (update time).  Once I had the date and time, I went into my logs to see who was on my website during that time.  Thankfully, I didn’t have too many visiters at 11:30pm.  I soon found out that the hacker is either located or used a proxy server in Syria.  In either case, I can’t issue a subpoena to a foreign country to find out who did this.  But in the mean time, I have blocked his entire subnet from ever reaching my site again.

The offending IP address is 91.144.1.41.  Feel free to add this IP address to any of your filters.