Yahg-Sothoth

Pal Andrew alerted me this morning to a curious development. It seems that when he opened my site, he got all kinds of malware warnings and a redirect. I’ve had no such experience, but when he said it was on two different computers, I got alarmed. I asked on Twitter if anyone else had this experience and within moments this guy confirmed that yes, there were some rogue elements in my HTML code. (Also, I got another report of a redirect from my site.)

After searching through this code and that, I finally found the culprit. Turns out it was a pretty low-level hack called “yahg” that was responsible. I found the bits it added to my code and chopped it out. I’m fortunate that this is not one of those hacks that sets roots deep into the database structure of the site. The reason I hadn’t encountered it was because apparently it was only activating when the browser used was Internet Explorer.

I then upgraded to the latest version of WordPress and everything seems to be dandy.

If any of you got hit by this thing, I apologize. PLEASE let me know via email (it’s on the “contact” link above), blog comment, IM, Twitter, Facebook, whatever as soon as something like this happens so I can act quickly. I don’t know when my site got hacked, so I don’t know how long this has been going on.
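Added example (not part of the original post, and not the code that was found on the site): because the injected content only appeared for Internet Explorer, one way to catch this sort of thing is to request the same page under several User-Agent strings and compare the scripts, frames and redirects each one receives. It assumes the condition is applied server-side on the User-Agent header; the User-Agent strings, the sample pages and the `injected.example` address are constructed.

```python
import urllib.request
from html.parser import HTMLParser

# Constructed User-Agent strings: one non-IE browser and one Internet Explorer.
USER_AGENTS = {
    "firefox": "Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0",
    "msie": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)",
}

class ActiveContent(HTMLParser):
    """Collect elements that can load remote content, run code or redirect."""
    def __init__(self):
        super().__init__()
        self.found, self._in_script = set(), False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "iframe", "object", "embed"):
            self.found.add((tag, a.get("src") or a.get("data") or ""))
            self._in_script = tag == "script"
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            self.found.add(("meta-refresh", a.get("content") or ""))
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script and data.strip():
            self.found.add(("inline-script", data.strip()))

def active_content(html):
    parser = ActiveContent()
    parser.feed(html)
    parser.close()
    return parser.found

def fetch(url, user_agent):
    """Fetch a page while presenting the given User-Agent header."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")

def ua_only_content(bodies, baseline="firefox"):
    """Return {ua_name: items served to that UA but not to the baseline UA}."""
    base = active_content(bodies[baseline])
    return {n: active_content(b) - base for n, b in bodies.items() if n != baseline}

# Constructed sample responses: the IE copy carries one extra hidden frame.
CLEAN = '<html><head><script src="/js/site.js"></script></head><body><p>post</p></body></html>'
SAMPLE = {"firefox": CLEAN, "msie": CLEAN.replace(
    "</body>", '<iframe src="http://injected.example/x" width="1" height="1"></iframe></body>')}

if __name__ == "__main__":
    # Live use: bodies = {n: fetch("https://your-site.example/", ua) for n, ua in USER_AGENTS.items()}
    for name, extra in ua_only_content(SAMPLE).items():
        print(name, sorted(extra))
```

Pages with rotating ads or per-request tokens will show harmless differences, and a browser check done in client-side JavaScript is sent to every User-Agent, so an empty result does not prove the files are clean.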


5 Responses to Yahg-Sothoth

  1. RacingHippo says:

    …and start using a more secure, less hack-prone browser instead of the poor offering that Micro$oft have given you.

    How the hell did it hack one of your files in the first place?

  2. Dave says:

    I don’t pretend to know how they do it, RH.

  3. Lanf says:

    Well, it’s a simple matter of coding really.

  4. Andrew Weiss says:

    Sadly, Hippo, the web-based application I use in my paying job requires IE, so the choice is out of my hands.

  5. Pingback: Dave Ex Machina – A Thousand Points of Articulation » HIX HOX HACKS!