Back up Your Themes, Review Your File Permissions

Last November 12, 2007, this site was down for almost 2 days. And mind you guys, it’s not the usual downtime experience that I usually get from my host. If you visited my site these past 2 days, you would have gotten an error like this:

Parse error: syntax error, unexpected $end in /home/yuwonced/public_html/wp-content/plugins/lazy-k-gallery.php on line 296

If your site is powered by WordPress, at the snap of a finger you would know that this is probably some of your code in the plugin that did not work. If such an error occurs, we normally go back to our theme and delete the code, right? But in my case, I hadn’t done anything on my site.

When I was about to post something on that day, I was greeted by this error code. It took me just 2 seconds to know that this was not a normal downtime. Even logging in to the site itself didn’t push through. I immediately e-mailed my hosting provider about the said incident, and after 18 hours all I got was this:

We are still investigating the said incident; your account is currently under complete security audit. For now, we strongly advise that you delete all php files and directories (including sub-files and dirs) with a file permission of 777.

Do contact us for any other inquiries you may have.

experienced the same fate and, to cut the story short, our hosting provider got a PHP exploit according to Dona’s e-mail. This can also happen to anybody. Here’s an excerpt of her e-mail:

It appears that your (wp-content/themes/resurrection) was infected by a PHP exploit, including any other PHP files on your home directory that have a file/folder permission of 777.

I strongly advise that you re-install themes and plugins to fix this issue. In addition, you may want to secure your themes and plugins directory to prevent future incidents.

So what should you do if such a thing happens?

  1. First, it’s good practice to always have a back-up. Be on the safe side. Keep a copy on your PC of all the files that you have on the server, including your themes, plugins, etc.
  2. Use an FTP client to re-install WordPress. Just overwrite the folders on your site.
  3. Once you have re-installed WordPress, upload all the back-ups that you have from the PC to your server. Your site should be up and running in no time.
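
The host's advice centers on files and directories with a permission of 777. The script below is an added example, not something from the host or from this post: it lists directories and PHP files with mode 777 under a given path, lists anything else that is world-writable, and resets permissions. It assumes shell access to the account or a local copy of the back-up; the 755/644 baseline and the sample file names are assumptions.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for the permission the host flagged (777).

# Directories and .php files whose mode is exactly 777.
find_777() {
    find "$1" \( -type d -o -type f -name '*.php' \) -perm 777 -print
}

# Broader check: any file or directory writable by "other" (777, 666, 757, ...).
find_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -002 -print
}

# Assumed baseline, not taken from the post: 755 for directories, 644 for files.
tighten_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed sample tree (hypothetical names) standing in for a site back-up.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/themes/example-theme" "$root/wp-content/plugins"
    : > "$root/wp-content/themes/example-theme/index.php"
    : > "$root/wp-content/plugins/example-plugin.php"
    : > "$root/wp-content/notes.txt"
    chmod -R 755 "$root"
    chmod 644 "$root/wp-content/plugins/example-plugin.php"
    chmod 666 "$root/wp-content/notes.txt"
    chmod 777 "$root/wp-content/themes/example-theme" \
              "$root/wp-content/themes/example-theme/index.php"
    echo "$root"
}

# Audit the path given as $1, or the sample tree when run without arguments.
if [ "$#" -gt 0 ]; then
    find_777 "$1"
else
    sample=$(make_sample_tree)
    echo "mode 777:";       find_777 "$sample"
    echo "world-writable:"; find_world_writable "$sample"
    tighten_perms "$sample"
    echo "left after tightening: $(find_world_writable "$sample" | wc -l)"
    rm -rf "$sample"
fi
```

Running it against the back-up copy on your PC before step 3 shows which files carry the flagged permission before they go back onto the server.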