War to hackers – The aftermath

As you should know if you are an old time reader, this blog has been hacked several times with malicious script injection.

I tried to secure the blog in every possible way without any luck.

Finally, I think I figured out what allowed hackers to exploit the blog. I use a custom theme built on an old version of Silhouette theme by Brian Gardner.

As you can see from the link, the theme is not longer available for download, but I believe the file comments.php contains a vulnerability.

Here it is:

Since I changed it, I am not having injections for a month.

Moreover, I found a couple of sites using the same theme reporting an hack attack.

Any security hero willing to tell us if I am right? Of if it’s just a coincidence and hackers simply decided to leave me alone?

  • AnotherGuest

    Aren’t YOU the “PROgrammer” ? :)

  • I dont see any code in there that I wouldn’t use in any other theme bar the code for the comment backgrounds.
    WordPress itself it pretty secure. You should try and cut down on as many plugins as possible. After you got hacked did you go through your db to check for any malicious code? Try and add as much functionality to your theme as possible, instead of depending on plugins.

  • Lets hope now you are secured :P

  • My brother is an Security Engineer In the Armed forces of Norway…Want me to ask him?… hehe.