Just wanted to warn anyone who'll listen.
Have you had links showing up in the upper left corner of your wp site for viagra or somatropina?
There are websites out there that offer free wp themes - pre-hacked for your convenience:
wpblogskins.com | wordpresstemplates.com | wordpressthemes2.com
Take a look at the 'View' demo of most themes offered and notice in the upper left corner is the hack link. EVEN on the demo!
I should have noticed this but . . . I was fool enough to not notice the hack link, download, install it and open the barn door.
Every day there was a link for 'somatropina' in SQL wp_options and every day I'd delete it, adjust, add security plug-ins, block IPs, etc. trying to stop the hack. WassUp helped me discover it was a SQL injection because a Ukrainian IP came in and directly accessed specific locations in less than 1 minute. This appears also to be a 'Viagra' link injection method.
I loaded BulletProof Security after 5 days of wrestling. BPS didn't catch it either so I asked AIT-pro for BPS help. They were absolutely great in assisting and proved to be as tenacious as the hackers. After numerous emails and patches AIT-pro caught the dirty code buried in the theme. The theme_licence.php and start_template.php were Base64 code that when decoded didn't make sense. header.php and sidebar.php had coding that opened the door. (several rather large doors!)
Moral of the story - now I only use themes and plug-ins from wordpress.org. If you use pre-packaged themes from other sites, check the coding before you launch. Don't get me wrong, there are good guys out there offering great clean themes BUT there are the bad ones too. (lots of bad ones on the 3 above-listed sites)
Take a look at the AIT BPS post for more info & what they're doing to address dirty theme coding in the future.
http://www.ait-pro.com/aitpro-blog/category/misc-projects/exposed-scams/
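
One way to do the "check the coding before you launch" step from the post above, as an added example that is not part of the original post and not AIT-pro's or BulletProof Security's code: a small Python scanner that walks an unpacked theme folder and flags PHP files that call decode-and-run functions or carry long Base64 string literals. The function list, the 80-character threshold and the sample theme (including the spam.example link) are assumptions constructed for the demonstration.

```python
import base64, re, tempfile
from pathlib import Path

# Calls often used to unpack and run hidden PHP (assumed starting list, not exhaustive).
SUSPECT_CALLS = re.compile(r"\b(eval|base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
# A quoted string literal of 80+ Base64-alphabet characters (threshold is an assumption).
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{80,}={0,2})["']""")

def scan_file(path):
    """Return (line_no, reason) findings for one PHP file."""
    findings = []
    for no, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
        for m in SUSPECT_CALLS.finditer(line):
            findings.append((no, f"call to {m.group(1).lower()}()"))
        for m in B64_LITERAL.finditer(line):
            blob = m.group(1)
            reason = f"{len(blob)}-char Base64 literal"
            try:  # decode it and see whether a link or more code is hiding inside
                decoded = base64.b64decode(blob + "=" * (-len(blob) % 4))
                if re.search(rb"https?://|<a\s|eval\s*\(", decoded, re.I):
                    reason += " (decodes to a URL, link markup or code)"
            except ValueError:
                pass
            findings.append((no, reason))
    return findings

def scan_theme(theme_dir):
    """Scan every .php file under theme_dir; return {relative_path: findings}."""
    root, report = Path(theme_dir), {}
    for p in sorted(root.rglob("*.php")):
        hits = scan_file(p)
        if hits:
            report[p.relative_to(root).as_posix()] = hits
    return report

def build_sample_theme(root):
    """Constructed sample theme: one clean file, one hiding a Base64-encoded link."""
    root = Path(root)
    (root / "index.php").write_text("<?php get_header(); ?>\n<h1><?php the_title(); ?></h1>\n")
    hidden = base64.b64encode(b'<a href="http://spam.example/">link</a>' * 3).decode()
    (root / "theme_licence.php").write_text(f"<?php\n$l = '{hidden}';\necho base64_decode($l);\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name, hits in scan_theme(build_sample_theme(d)).items():
            for no, reason in hits:
                print(f"{name}:{no}: {reason}")
```

A hit is a reason to read the file by hand, not proof of a backdoor, and a clean scan does not clear a theme that hides its code some other way.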