Hacked!

It seems this blog got hacked recently. A couple of posts had the following code inserted into them:

	 
/* < ![CDATA[ */
var quicktagsL10n = {
	quickLinks: "(Quick Links)",
	wordLookup: "Enter a word to look up:",
	dictionaryLookup: "Dictionary lookup",
	lookup: "lookup",
	closeAllOpenTags: "Close all open tags",
	closeTags: "close<div style="display: none"><a href='http://buycheaplasixonline.org/' title='buy cheap lasix'>buy cheap lasix</a> tags",
	enterURL: "Enter the URL",
	enterImageURL: "Enter the URL of the image",
	enterImageDescription: "Enter a description of the image",
	fullscreen: "fullscreen",
	toggleFullscreen: "Toggle fullscreen mode"
};
try{convertEntities(quicktagsL10n);}catch(e){};
/* ]]> */
 
 
	 edToolbar() 
	 
...(post text)...
	 
	edCanvas = document.getElementById('content');

This was on WordPress 3.2.1. I’ve now updated to 3.5; hopefully this won’t recur, but it’s something to watch out for if you’re running blogs using older versions.