Today a client called me in a frantic state, worried as all her images were not showing on her site. After some quick analysis and investigation, what appeared to be a minor concern, actually turned out to be something that is worrisome, as it seems the site has been hacked – most likely due to an outdated 3rd party software version. This concern is a serious consideration when thinking of installing and running 3rd party software. It is so important for reasons such as this, to regularly update your version controls and remove any files that may be easily be prone for access. To remedy this there are two key things to do right away!
1) back up your files in your database and make sure to have a copy on your desktop
2) change your password to the FTP and to the 3rd party application
Then, download the latest version of the software application and reload onto your server, getting rid of all the old backend files of the application. Hopefully this will clean the server and eradicate the issues brought forth because of the virus.
A quick way we were able to detect something weird going on with the site, was looking at the source code and seeing, gobbly gook code that didn’t belong there. From the page source we could see – all sorts of writing not relevant to the site content. From the PHP code we could see script running on the page.
So the rule of thumb, if you own any 3rd party application for blogging, e-commerce, affiliate programs, email/e-newsletter etc. make sure to always have the most up to date version on your host server and stay vigilant with your passwords – change them often and ensure they are strong passwords.