As a follow-up to this post – My wife’s Bludomain site – Heather Swanner.com is being hacked EVERY DAY. I fix it, and the next day it is down again. I contacted them and let them know what’s going on and aside from a canned response I haven’t gotten much – pretty disappointing.

In the meantime I simply used htaccess to redirect index.php to home.php since this exploit apparently only affects files named index.php or login.php

If you’re having trouble with your blu site being hacked on a regular basis and only displaying something like:

“Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING, expecting ‘,’ or ‘;’”

as a result, please leave a comment. More importantly if you’ve discovered a reasonable solution I’d love to hear it as well. Thanks.

So I emerged from a fantastic vacation weekend to find all of my php sites not working. Each displaying the same simple error message:

“Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING, expecting ‘,’ or ‘;’”

After my initial 30 second panic attack subsided I did a little googling and came up with this site: http://www.geeked.info/web-site-hack-loading-microsotfcn/

I’m assuming this is a bot that crawls from site to site. I had websites hacked across three different servers.

Once hacked, the site should produce a tiny iFrame that redirects to microsotf.cn. Don’t visit the page. It will most certainly ruin your day – spyware, malware, whatever. The beauty is – wordpress sites don’t display the iFrame. They just wind up broken. Other sites however won’t appear very different at all and it will be nearly impossible to tell whether the site was hacked or not.

If you’re having this problem simply open the source of the page in question and look a block of code similar to this (either immediately following the body tag or at the very bottom of the source code.):

Delete the offending code – upload (backup the original first, just in case) and you’re back in business.

Thanks to Ed over at http://www.geeked.info/ for having the ONLY blog post I could find on the whole internet about the hack.

EDIT: 7/9/09 – It has happened again to one of my sites. Different block of code, different malware site being loaded – same basic poison/remedy. For those interested in learning how to block an ip address (or range of ip addresses) – click here.

Visit Website

The folks at Wiiibounce loved their new website so much they decided to apply the exact same style to another business site – Hall of Fame Academy.

Hall of Fame Academy is a Cary NC based baseball/softball center where kids of all ages can rent batting cages and pitching mounds. Not only that, players also have access to world-class instruction by former MLB players.

Visit Website

Wiiibounce is the Triangle’s premier birthday party and daycamp headquarters – located in Cary, NC. Wth Wiiibounce, you get not one but TWO of the most wildly popular, over the top entertainment options you can offer your guests. You get the wild fun of GIANT INFLATABLES and engaging action of Wii Game Systems on BIG SCREENS. Both activities can be enjoyed by ALL AGES, 2 thru Grandpa/Grandma.