supernaut (and it looks like all of my wordpress sites) have been hacked my the brilliantly clever c99madshell. I’ve had to delete the entire site and rebuild, so it’s rather mediocre around here right now… trying to fix… enjoy the experience of disappointment.
Most of a night a day gone doing a complete rebuild, though I left the database alone (downloaded and searched for the pertinent strings, base64, gzinflate and so on though), but created a new unique database so if this all turns scabby again I can repeat today’s process with some additional WordPress hardening I’ve avoided so far (renaming the wp_ to something else, for example). Some formatting is still yuck though, probably from edting php outside the theme files.
So for now I shall wait and see if it comes back. If so, I’m at a loss as to how it has gotten in, and shall have to get serious.
For gory details, Derek Fountain has a comprehensive post on c99madshell, and those of you who know my love of scratching around in code will appreciate the inchoate horror I felt upon decoding the base64 mess and finding the unmistakable black, grey and red palette of a php injection wrapped in hacker’s colours.