tl;dr Sucks to get hacked, GoDaddy is about to lose a customer.
I got hit this morning with the exact exploit mentioned here, I was able to clean out the codebase and get a half-working site back up just so I could close it out properly. I felt awful, I was keeping everything up to date, following security best practices, I couldn't figure out what had went wrong. This article is making me completely rethink GoDaddy as a host, namecheap will probably be getting my business pretty soon.
What's even more disheartening is that until this point I have never really had a reason to dig into the WordPress code, when I did I found ridiculous "easter eggs" that to my well trained PHP eyes looked like malicious code. It wasn't until I verified that it was release code and was meant to look that way did I realize it wasn't part of the exploit. Take a look at wp-admin/revisions-js.php and tell me it doesn't look like some dirty exploit is hiding in there.
I got hit this morning with the exact exploit mentioned here, I was able to clean out the codebase and get a half-working site back up just so I could close it out properly. I felt awful, I was keeping everything up to date, following security best practices, I couldn't figure out what had went wrong. This article is making me completely rethink GoDaddy as a host, namecheap will probably be getting my business pretty soon.
What's even more disheartening is that until this point I have never really had a reason to dig into the WordPress code, when I did I found ridiculous "easter eggs" that to my well trained PHP eyes looked like malicious code. It wasn't until I verified that it was release code and was meant to look that way did I realize it wasn't part of the exploit. Take a look at wp-admin/revisions-js.php and tell me it doesn't look like some dirty exploit is hiding in there.