This website runs WordPress with a theme based on Genesis. Unfortunately, we were hacked on May 27, 2024. If that ever happens to you, do what you have to do. In our case, we found the file functions.php in the genesis theme to be modified. The file is supposed to be fairly empty, but it had a lot of odd stuff in it starting with:
<?PHP
/* custom filters */I hope this never happens to you. Sorry if it caused any problems.
What was the purpose of the hack? Well, it very much looked like an attempt by some hacker purportedly from Russia using this website as part of a link-building bot-net. My guess is it works like this: Someone (in this case actually from Denmark, because all the fake “casino” links were in Danish) buys 10K inbound links on the black market. They put 1000s of variations of the links out on 1000s of websites through this bot-net. In this case, we were hacked to be part of the bot-net.
Takeaway: Never buy incoming links. Even if it seems to work. Even a SEO expert I paid to work for me advised us to do it. Just say no.
Update: We are now using a service that scans for changes to the site every day. Jetpack has one such service. Virusdie is another one. This seems to be almost mandatory today if you want to keep a WordPress website running with some peace of mind.
M.Sc.EE, SI Consultant
Leave a Reply