Hacked.
Dec 27
THIS IS STILL ONGOING! Resolved.
So, somehow someone was able to gain enough access to my hosting system that they were able to change read-only .htaccess files in my account. I’m not sure if that was something caused by elevated permissions on my shared server or if someone was able to exploit my content management system. (WordPress) It seems like it make have been the latter as the “infection” ceased when I upgraded WordPress and deleted the cache. It is possible the infection could have been via an exploit in the caching subsystem. I’ll have to look into it further some other time. See update below.
This is what the “infection” looks like. The malicious code prepends and appends some stuff to your .htaccess files in all folders in the user’s home dir where an .htaccess already exists. It does not seem to attempt to create new .htaccess files. more…

