Tide blog got hacked, and itsallbreaksoft is behind it

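As soon as I updated yesterday, something felt wrong: the pages were responding very slowly, but the admin backend was fine. Checking the network activity showed that the problem was here: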

http://itsallbreaksoft.net/tds/in.cgi?3&seoref=http%3A%2F%2Fwww.tide.com.tw%2Fwp-admin%2Fthemes.php&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=http%3A%2F%2Fwww.tide.com.tw%2F&default_keyword=notdefine

The pages were being redirected to itsallbreaksoft.net, which is the root of all the evil. I looked it up online and it turned out to be serious:

There is a brand new Wordpress hack attack making the rounds, that redirects all traffic to your site through itsallbreaksoft.net and paymoneysystem.info, and then on to any number of junk sites full of ads. The intermediate redirect to paymoneysystem.info actually goes through the URL paymoneysystem.info/in.cgi?michaeleknowlton, suggesting that someone using the name Michael Knowlton is going to be benefiting from any monies earned by the advertising. Here’s how it was done, and how to fix it. Fortunately, the immediate fix is very easy.

Here is how it was done – the bad guys either injected the below code into the header.php file (this is found in your /wp-content/themes/{your theme name here}/ directory) – or they simply sucked down your header file, modified it on their end to include the below code, and then overwrote your header.php file with the newly modified one…….

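But that was not all. I found that I had gained an extra administrator account with admin privileges, and in wp-content/uploads I also found a malicious file named xxxxxx.php (x = a digit). After deleting all of it, including the JS code in header.php, things now look back to normal.
This is the first time in my life I've been hacked~ (Windows virus infections don't count, of course)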
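
The file-based checks described in this post, as an added example that is not part of the original post: a Python script that flags PHP files under wp-content/uploads and theme files that mention the two redirect domains named above. The function names, finding labels and the sample site tree are constructed for illustration.

```python
import os
import re
import tempfile

# Redirect domains named in the post above.
REDIRECT_DOMAINS = ("itsallbreaksoft.net", "paymoneysystem.info")
# The dropped file in the post had a digits-only name, e.g. 123456.php.
NUMERIC_PHP = re.compile(r"^\d+\.php$", re.IGNORECASE)

def scan_wordpress(root):
    """Return sorted (finding, relative_path) tuples for a WordPress tree."""
    findings = []
    for dirpath, _dirs, files in os.walk(os.path.join(root, "wp-content")):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        for name in files:
            rel, lower = f"{rel_dir}/{name}", name.lower()
            if rel.startswith("wp-content/uploads/") and lower.endswith(".php"):
                # uploads/ should hold media, not executable PHP.
                kind = "numeric-php" if NUMERIC_PHP.match(name) else "php"
                findings.append((f"{kind}-in-uploads", rel))
            if rel.startswith("wp-content/themes/") and lower.endswith((".php", ".js")):
                with open(os.path.join(dirpath, name), errors="replace") as fh:
                    text = fh.read().lower()
                for domain in REDIRECT_DOMAINS:
                    if domain in text:
                        findings.append((f"redirect-domain:{domain}", rel))
    return sorted(findings)

def scan_constructed_sample():
    """Build a constructed sample site in a temp dir and scan it."""
    samples = {
        "wp-content/themes/demo/header.php":
            "<head><!-- http://itsallbreaksoft.net/ (constructed marker) --></head>",
        "wp-content/themes/demo/footer.php": "<footer>clean</footer>",
        "wp-content/uploads/2010/01/123456.php": "<?php /* placeholder */ ?>",
        "wp-content/uploads/2010/01/photo.jpg": "placeholder image bytes",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
        return scan_wordpress(root)

if __name__ == "__main__":
    for kind, path in scan_constructed_sample():
        print(f"{kind}\t{path}")
```

This covers only the file-based indicators; the extra administrator account mentioned in the post has to be reviewed separately in the WordPress user list.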
