New hack around ? Check your installation!

I just understood that my website is hacked since… a long time (feb 2012?)

I still don’t know how it was done, or if it was because of an old classic backdoor I had in 2011… But just so you know:

I had a fake Jquery 1.3.2 in wp-includes>js>tinymce>plugins>spellchecker>classes>utils

I had a folder with a .log full of .html from spam in wp-includes>js>jquery

And in the .htaccess of /wp-includes/js/jquery I had a call to a jobdescription.php. It was allowing upload and write in a part of my server. 😡

The alert came from AVG in Opera (yeah to Opera users who told me), then we saw that code on top of the site, just once : http://www.cafzone.net/2012/05/colorz/#comments (1st comment).

The code was 100% regex from Hell. Was sending links to gena.stx.nl/top2.html and others.

I still dont know how it was possible. Maybe remnants of my old hack in 2011… And I find nothing with google about those files. I doubt I’m alone fighting this hack…

PS : a big [profanity removed] to all the coders doing that [profanity removed – please try a little harder to express yourself without having to resort to bad language]. 😡