It looks like Media Temple WordPress installs have been hit with a WordPress Redirect Exploit1. We got hit here at DigWP.com, but have cleaned things up and are taking steps to prevent it from happening again. This post briefly explains the hack, and provides some steps that you can take to remove the payload and get back on track.
What Media Temple knows so far..
At this point, here's what Media Temple is saying about the hack:
- Visitors viewing posts on your blog may be redirected to a third-party site. This may be a site already blocked by Google.
- Visitors may also be forwarded to the domain googlesearch.com, which has already been disabled.
They provide steps for clearing things up2, but it doesn't look like the entry-point or source of this hack is known at this point.
To clean this up asap, backup your database and run the following SQL queries:
UPDATE wp_posts SET post_content = replace(post_content, '<script src="http://ae.awaue.com/7"></script>', ''); UPDATE wp_posts SET post_content = replace(post_content, '<script src="http://ie.eracou.com/3"></script>', '');
And remember to change the query prefix from
wp_ to your custom prefix.
- 1 Editor's note: 404 link removed.
- 2 Editor's note: 404 link removed.