It seems that sometime last week my blog was hacked and a discreet little <iframe> linking to a malware-hosting site was added to the 30boxes widget you can see on the right. It wasn’t 30boxes’ fault – the widget code hadn’t changed, so I assume that something managed to inject the relevant line of code into my database by exploiting a flaw in WordPress.
I’ve just upgraded to WordPress 2.3 and have checked what I can, but am still investigating as I’d like to know what the hole was so I can be sure it is patched. And I apologise to anyone who got a nasty alert message when they visited when using IE.
Special thanks go to John Warlow, who was trying to figure out how to fix the RSS feed coming from the del.icio.us entries (something that bugs me too!) and took the time to email me about the site’s attempt to download VBS.Phelp onto his PC. And no thanks to Google/StopBadware who flagged the site as infected but didn’t bother to tell me they had done so, or offer any indication as to what the problem actually might have been.