Much like what happened to Sinosplice a while back, Sinoglot has been hacked. In fact it was the exact same hack that hit John’s site.

The hack is the eval(base64_decode javascript injection that you may be familiar with if you’re a web developer. It is fairly benign, as hacks go. You’ll notice it as a user when your browser is suddenly redirected to a website in Russia which you had no intention to visit. Otherwise it’s business as usual.

What does this mean for readers?
It’s Saturday and a busy one at that. Steve and I are working to contain the problem and get clean installs of WP and other CMSs up, stripped of the offending files. The source of the problem, again mirroring John Pasden’s case, seems to be an outdated WP install that got left on the server.

Again, this hack operated by inserting a Javascript redirect into php files, so there should be no risk to people reading the site. If you’re concerned, just make sure your anti-virus software is up to date.

We will probably not be migrating to another server, as that won’t prevent future attacks. Instead we’re re-installing the different content management systems. As a result there may be some down time this weekend.

Fortunately, we were able to find the problem, so now it’s just a matter of repairing the damage done. Unfortunately, those repairs are time consuming. Please bear with us as we get this all cleared up. We thank you in advance for your patience.

Leave a Reply