[wp-hackers] wordpress theme script injection (hosted on dreamhost)

[Jeremy Clarke]

Mladen,

It is very likely that the problem is not the host but rather the way in
which you "un-hacked" your site. Saying that you fixed it and upgraded it is
one thing, but you probably didn't finish the job. If there are leftover
base_64() scripts then you definitely didn't clean it up properly.

If an old version of WP is hacked then upgrading it won't make it secure
until you have cleaned out every single file that was there before,
preferably replacing the entire filesystem and tightening all permissions as
well. It only takes one malicious file to completely own your site again, so
you have to start completely fresh.

I recommend you start with a blank new directory on your webhost, install
the WP files from http://wordpress.org and install any plugins/themes you
need fresh from the repo. If you want to keep your old uploads folder you
should also look in every directory of it to make sure that all the files
are in fact the images you think they are, and not php/perl/python files
that can be used as a back door to your site.

If you can do an export/import of your content then that is probably also a
good idea, in case crap is hidden in the database.

-- 
Jeremy Clarke | jeremyclarke.org
Code and Design | globalvoicesonline.org