Today Jorge warned me that his site had been hacked by a really strange system which replaced the code of " title " of its WordPress by a really cryptic text string and, incidentally, had changed the encoding of the site to UTF-7 between other niceties.
After the initial scare, and a few searches and calls to your hosting provider, you have been giving the problem and the solution .
The visible part of hacking may vary, and in this Google search you have several possible examples of what " tuned " your website may be once at the mercy of hackers, but the worrying thing was the change of coding, which He alluded to fat problems.
Well, looking here and there, J orge has found more than one WordPress user that had happened to him, like this or this other where there was already an analysis of where the shots could go.  And the culprit seems to be a Apache XSS vulnerability which would allow to change the encoding, which is what they were targeting in WordPress Answers .
The case is that this is bringing quite a debate in the forums of Unix and Apache, because there are those who say that the problem is Internet Explorer but the reality is that the site is hacked, put as they are
The vulnerability would be something like this:
- Someone sends a comment text of type
+ ADw-script + AD4-alert (+ ACI-Hello + ACI -) + ADw- / script + AD4-. And any validation passes.
- The database expects all incoming data to be UTF-8 and treats it as such. And since the UTF-7 strings are also valid in UTF-8 this causes a SQL error, which neither
- WordPress sends a header
The case is that most browsers do not support UTF-7 so they will show the string as UTF-8 or Windows-1252, but the reality is that the possibility of someone doing a hack to the web executing codes of this mode is there.
Is there a solution?
Well thankfully yes, and first, and do not say I have not warned you times, it is to have WordPress updated . Even Jorge has only happened in the only WordPress he had without updating to the latest version, so you know.
What does not fix the problem is to change the coding in the database to UTF again -8 because you still would not know where you came from, so I refer to the previous sentence: is looking for an initial WordPress without updating yours or a hosting neighbor (that it's the bad thing.)
In the part of Apache to stay calmer, there are several settings that can be made as well that talks to your provider to make sure.
And nothing else, if perhaps Jorge will tell us how he has gone with the matter, and point out some more detail, or yourself if it has happened and you have arrived to better conclusions about this problem. I have thought it important to share your problem and the solutions found so that you are warned and put countermeasures .