I have recently seen several websites that I maintain, as well as several that I don’t maintain, hacked by some kind of bot net. It has been a really good learning experience to say the least.

Most of the hacked websites were running Wordpress, so my first thought that it was some kind of security exploit in Wordpress. Then I was asked to investigate of a few static HTML or PHP driven websites without Wordpress installations. All of the hacks were very similar and had their index.php, index.html, and .htaccess files modified. In the index.php and index.html files there was javascript code and iframe virus codes appended to the end of the file that would try to install different variants of badware/malware to unsuspecting visitors. I even seen a file that had stripped out part of the code within the file and replaced it with the malicious javascript and  iframe virus browser exploits. Therefore completely breaking the file (luckily we had a backup of the now broken file and were able to to get the site working again.) Read more