It turns out anyone visiting this website would be redirected to any number of random advertisement websites. Since I hardly ever visit the main page of my blog I would have never noticed it until the blog author from PFStock.com pointed it out to me via e-mail.

I disabled all the plug-ins and whatnot to try to solve the problem but that didn’t work. I changed the theme of the blog and that seems to have stopped the redirects. I then discovered the source of the redirects was due to some JavaScript code in the header.php of my old theme.

The JavaScript code is huge and looks something like <script language=javascript>document.write(unescape('%3C%73%63%72%69%70%74%… The reason for the size is that it seems to be encoded, and I’ve been having trouble decoding the thing even with a decoder to determine the URL from which the script was being called.
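A static way to peel this kind of document.write(unescape(...)) wrapper without running it in a browser, shown as an added example that is not part of the original post. The sample payload and its URL are constructed placeholders, and the function names are hypothetical.

```python
import re

# unescape('...') call; curly quotes are accepted because blog software often rewrites ' and ".
UNESCAPE_CALL = re.compile(r"unescape\(\s*['\"‘’“”]([^'\"‘’“”]*)['\"‘’“”]\s*\)", re.I)
PCT = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")
URL = re.compile(r"https?://[^\s'\"<>)]+", re.I)
MAX_LAYERS = 10  # stop runaway nesting


def js_unescape(s):
    """Mimic JavaScript unescape(): %XX is one code unit (not UTF-8), %uXXXX is UTF-16."""
    return PCT.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), s)


def peel(text):
    """Return [original, layer1, ...], replacing each unescape('...') call by its decoded text."""
    layers = [text]
    for _ in range(MAX_LAYERS):
        decoded = UNESCAPE_CALL.sub(lambda m: js_unescape(m.group(1)), layers[-1])
        if decoded == layers[-1]:
            break
        layers.append(decoded)
    return layers


def extract_urls(text):
    """URLs visible once every layer is decoded; nothing is executed or fetched."""
    return sorted(set(URL.findall(peel(text)[-1])))


def enc_all(s):
    """Percent-encode every character, as the injected snippet does (builds the sample only)."""
    return "".join("%%%02X" % ord(c) for c in s)


# Constructed sample: two nested layers around a placeholder URL.
INNER = '<script src="http://ads.example.invalid/r.js"></script>'
LAYER1 = "<script>document.write(unescape('" + enc_all(INNER) + "'))</script>"
SAMPLE = "<script language=javascript>document.write(unescape('" + enc_all(LAYER1) + "'))</script>"

if __name__ == "__main__":
    for depth, layer in enumerate(peel(SAMPLE)):
        print(depth, layer[:90])
    print(extract_urls(SAMPLE))
```

A truncated fragment with no closing quote can be passed to js_unescape() directly; the fragment quoted above decodes to "<script".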

Which begs the next question: how did that string of code end up in the header.php file of my blog? It could be a number of things, from server-side malware to the laptop I use to edit this blog being compromised.

Update: I figured out how access was gained. Apparently someone signed up for a subscriber account on my blog and then inputted a certain string of text in the “First Name” box field that designates their account administrator privileges.

© 2011 Endless Gibberish Suffusion theme by Sayontan Sinha