I’m sad to report that Art Song Central has been hacked. I’m not yet sure the extent of the damage, but I have removed the spam that was placed in the footer of each page.
I am taking the following rather extreme measures at the moment:
I have added a captcha system for registering or making comments. This ensures that a real person, not a robot, is registering for an account. I am also removing all subscribers from the userbase with a few exceptions. Users whose accounts have been deleted can create a new account, going through the captcha system.
I will be probably be changing the theme, and will unfortunately have to go through all of the other files with a fine tooth comb to find whatever backdoor may have been created.
UPDATE: I found 4 backdoors that were planted in the code, which have been removed. The wordpress code is up to date, and I’ve been through all the extra code as well, so I hope I have gotten it all. However I will be continuing to go through the code. There is a possibility that I will shut the site down for a brief period on Monday and do a clean install of all the software, just to be sure that I didn’t miss something. In any case, I will be keeping a close eye on the situation to see if any new attempts are made to hack the site.
