Website defacement

I bumped into a ‘hacked’ page while checking my page this morning. I found that the following script had been inserted into all WordPress-based pages. Also, the title was altered by a hacker. I was able to find similar attacks around the globe.

Because I have been on the latest version of WordPress since last week, I doubt it was caused by a WordPress vulnerability itself. After I looked into web logs, other traces, and related attacks, it looks like the hosting server has been compromised recently. The attack looks quite similar to the ‘Hacked by Badi’ attack of a few years ago.

For those who have gone through the defacement, the following links would help. (Hopefully the server will be patched immediately.)

https://wordpress.org/support/topic/hacked-by-badi-1
http://whmscripts.net/misc/2013/apache-symlink-security-issue-fixpatch/