Malware problems on several of my websites affected all my php files. This is literally thousands of files. My reaction to this reminded me of an image I saved which says something about how small things can really upset us (maybe computer related things in particular).
This attack has prompted me to look seriously at website security. In addition to cleaning the php files, I’m getting rid of a lot of old scripts and directories that have built up over many years and are no longer used. A cleaner script found at php-beginners.com, helped me to clean whole directories rather than each php file individually. However I need to address underlying vulnerabilities after I’ve done the clean up.
I think that my host Dreamhost may have more vulnerabilities than most, also it appears that WordPress has vulnerabilities and WP sites have suffered a number of attacks recently. Dreamhost was recently attacked: techcrunch.com. Also there has been some criticism of the way DH handles WordPress installations: wpsecuritylock.com. Since the attack came the day after WP installations on NYPO and Netstorms there is a strong likelihood that this is the source of the current problem and I’m following the advice on the wpsecuritylock.com site.
A May 2010 article on SEO Services Goa suggests that hackers use a complex strategy for attacking PHP based site. The suggestion that all PHP files should be made read only does not seem feasible since there are thousands of PHP files on a site like WP or Joomla site.