The other day I was adding some files to my site to enable the magic of this, when I noticed something peculiar. There’s a directory there that I know I didn’t create. I look closer and it’s full of strange files that look like keyword spam.
I checked out my blogs and didn’t see anything unusual appearing, but went ahead upgrading them to the latest version of WordPress. I also warned Dave, whose blog is on my account, that trouble may be afoot. Sure enough, he finds a rogue directory as well. Looking further, I find them also in the directory for Lego Diem and Dateline: Silver Age.
In doing a little research, I discovered my blog was famous!
All the WordPress installations are now updated to the latest, and the directories are taken care of. I’m not sure what exactly the exploit is, but they hit each of my sites with a recent version of WordPress (even, disturbingly, Lego Diem, which was already upgraded to the latest version). They didn’t hit any non-WordPress sites, and they also didn’t hit two domains of mine that have woefully out-of-date WordPress versions.
It doesn’t look like a major hack, and it wasn’t tough to get rid of. Just annoying. (And if you recall, this isn’t my first time experiencing this foolishness.)
Looks like everything’s fine now, but if you have a WordPress blog, you might want to poke around to see if you have similar directories on your site. They directories all had names with two words separated by a hyphen: zachery_died and flower_leela were two of them.