I've been on 2.2.2 for a while, and thought it was free of exploits.
However, my site (http://marknelson.us) was hacked sometime in the past few weeks.
The get_header() and get_footer() functions in general_template.php were modifed. get_header() created a cookie called "yahg", and get_footer() looked for it. If it found it, it sucked in some code from googlerank.info. The actual line it inserted was hidden by being base64 encoded, but it showed up on the site looking like this:
<iframe src=<http://googlerank.info/counter> style=display:none>
So, my question is this: how did this happen? I don't have any admins except me on the site. Has anyone else seen this particular hack? Is there a known exploit I should be looking for?
Yes, I'll upgrade to 2.3, but it's only been out a few weeks, and as far as security goes, I usually feel safer with an older version that has been hardened than a .0 version.
Any suggestions that can be offered would be helpful.
I've looked through the forums, and most of the messages where someone says their site has been hacked seem a little incoherent. A lot of times it looks like that might not even be what happened.
In this case it seems pretty obvious that it IS what happened. A diff of all the source code with the source I got from wordpress shows just that one file modified.