Tales from a base64 WordPress Hack, part 3: prevention

(See parts one and two for background information.)

My sites are almost fully recovered. I’ve ditched the old fancy theme in favor of a more austere default theme that turns out to have some pretty nice features. I like minimalism anyways.

It turns out that the culprit was a vulnerability in timthumb.php. If ANY of your themes, even one you don’t currently have active, happens to use this script, please ensure that you download the latest version of timthumb.php and replace all instances on your server with that new version. It was quite common, particularly among so-called “premium” themes and many themes that used image rotators on the homepage. Also, back up all themes on your site to your local computer, and then delete all themes you are not actively using on your blog. There is no reason to leave additional vulnerabilities lying around.
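A script for the inventory step above, added here as an example and not part of the original post: it finds every timthumb.php under the themes directory (inactive themes included), reports the VERSION constant each copy declares (assumed to appear as `define ('VERSION', '...')`), and flags any copy whose checksum differs from a freshly downloaded reference copy. The themes path and reference path are arguments you supply.

```shell
#!/bin/sh
# Inventory every timthumb.php under a WordPress themes directory, active and
# inactive themes alike, and compare each copy with a freshly downloaded
# reference copy. Prints one tab-separated line per copy:
#   OK|STALE  <VERSION constant from the file, or unknown>  <path>
# Exit status 0 when every copy matches the reference, 1 otherwise.

# Extract the script's own version constant, assumed to be declared as
# define ('VERSION', 'x.y.z'); prints "unknown" when no such line exists.
timthumb_version() {
    v=$(grep -o "define *( *'VERSION' *, *'[^']*'" "$1" | head -n 1 |
        sed "s/.*'\([^']*\)'$/\1/")
    printf '%s\n' "${v:-unknown}"
}

audit_timthumb() {
    themes_dir=$1
    reference=$2
    ref_sum=$(sha256sum "$reference" | cut -d ' ' -f 1)
    stale=0
    # Feeding the loop from a here-document keeps it in the current shell,
    # so the $stale counter survives after the loop ends.
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        sum=$(sha256sum "$f" | cut -d ' ' -f 1)
        if [ "$sum" = "$ref_sum" ]; then
            status=OK
        else
            status=STALE
            stale=$((stale + 1))
        fi
        printf '%s\t%s\t%s\n' "$status" "$(timthumb_version "$f")" "$f"
    done <<EOF
$(find "$themes_dir" -type f -iname 'timthumb.php' | sort)
EOF
    [ "$stale" -eq 0 ]
}

# Stand-alone use (paths are placeholders):
#   audit_timthumb /var/www/html/wp-content/themes /root/timthumb.php
if [ "$#" -eq 2 ]; then
    audit_timthumb "$1" "$2"
fi
```

Every copy reported as STALE is one that still needs to be replaced with the downloaded version, whether or not the theme that contains it is active.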

In the aftermath, I have been able to implement a few solutions to help prevent this from happening again. I actually already had one relapse, but recovered in minutes. Here they are: