Yes, it’s been hacked.
http://sitecheck.sucuri.net/results/shadowboxdreams.com
There’s a lot of resources available for this, such as…
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/
http://codex.wordpress.org/Hardening_WordPress
But, first things first…
DON’T PANIC
At least not quite yet.
I don’t think that you’ve lost everything. Hacks like this maily target the page templates and site files and don’t normally touch the database, so anything that you have there is safe.
What you need to do is work through some of the resources that I’ve put there, and see what you can come up with.
I’d also suggest that if this might be an ongiong probme, sign up for the Securi.net service and get them to monitor your site. It’s commercial ad does cost a litlte bit, but it’s wort hit for what they do to help.
The main source of hacks these days is either:
- Our-ofdate WordPress installations
- Out of date plugins
- Out of date themes
Updating all of these to the most current verisons will always help.
One BIG thing to look for is to check if your theme or any plugins use the TimThumb script. If you can do a global search for ‘timthumb’ you’ll find it if it’s there. If you can’t do that look through the files (in all of the theme/plugins folders) and see if there’s one called timthumb.php, thumb.php or thumbs.php as these are all normally the same thing. If you find any reference anywhere to timthumb, get back onto whoever you go tthe theme/plugin off and tell them that you need that file removed because it’s causing the hacking attempts.
