I've just managed to resolve a hacking issue that's popped up for the second time. I don't know what the exact issue is, or where it started, I'm hoping the community could help resolve this for me.
Every once in a while my wp-config.php gets hacked and the following line gets added:
It's happened twice now, both instances also create the file themes.php.
I then copy all the .jpg files in 2009/05, delete the other files created (it numbers in the hundreds of garbage files).
Symptoms I normally get are:
Links that get referred via Google end up on a blank page.
There are links referring to movie websites in the footer
The site load times double
The homepage shows no new content - it stays the same as the first date of the hack.
The admins don't see the hack at all, it only gets displayed to non-admins.
I've locked my wp-config file to 640 now, as well as locked the 2009/05/ directory. I'd really like to know what the source of this hack is, so if anyone else has also experienced this, or knows how to solve it I would greatly appreciate it!