WARNING if you have a WP blog

by Houcem Rihane

Posted: 14 years ago 11 replies

INTERNET MARKETING

If you have a wordpress blog that hasn't the latest version (2.9.1) then you should have a look at it.

I noticed I had a problem with one of my blogs that was Number3 in google and was getting good traffic and then suddenly got 4 positions down. I thought it was weird because it has been there for a long time so I typed the url in my navigation tab and when the blog was supposed to appear, I got a warning (I was using google chrome).

It was something like: The website xyz.com appears to contain elements from the website estguard.com that apparently hosts malware....

So I went back to my blog and had a look at the source code. And here come the surprise:
There was a code at the bottom of every page after the </html> tag.

This is the code:
I deleted the code for security purposes.

It looks like it's a java script that tries to install something using an iframe. It was causing google not to trust my blog anymore and thus the drop in the search engine results.

So I went ahead and had a look all my other blogs. Guess what? All of them were infected except the ones with wp 2.9.1.

So this seemed to be the solution. So I upgraded all my blogs and the problem was solved.

So if you encounter the same prolem, you know what to do.

Please share, if you had a similar experience/ if you know what is the real problem (maybe it's the server that got infected infected ).

#blog #trojan js/exploit #warning #wp blog infected

Heidi White 14 years ago

none of my sites have that problem, and none are 2.9.1- but thanks for the heads up.
- Thanks
{{ DiscussionBoard.errors[1688635].message }}
Leto 14 years ago

I wonder if you are using any footer plugin?

Or are you suggesting someone hacked your blogas and inected malicious code ?
- Thanks
Signature
â€œA person needs new experiences â€¦ Without change something sleeps inside us and seldom awakens. The sleeper must awaken.â€ (Duke Leto Atreides, Dune)
{{ DiscussionBoard.errors[1688663].message }}
Houcem Rihane 14 years ago

I am not suggesting, I am sure.
I didn't mean to say that if you don't have wp 2.9.1 then you will be hacked.
Just be sure to have a look at your blogs if they are older than that.
- Thanks
Signature

...
{{ DiscussionBoard.errors[1688712].message }}
Istvan Horvath 14 years ago

If it really was a malicious code injected... just upgrading WP will NOT solve the issue.

As far as I know in most of the cases the "bad stuff" is either in your database (also known as MySQL injection) or somewhere hidden deep in a subfolder in the wp-content folder.

Hackers know exactly that during an upgrade we don't really touch the wp-content folder, where all our themes and plugins and uploads (images, movies etc.) are stored!

I would search for that code you posted (or at least relevant part of it):
- in the database
- in the wp-content folder
- the root index.php

Good luck!
- [ 1 ] Thanks
Signature
{{ DiscussionBoard.errors[1688733].message }}
TrafficMystic 14 years ago

it's below versions 2.8.1 thats affected and vunerable
- Thanks
- 1 reply
Signature
[Link Alchemist] YOU ARE WASTING 80% Of Your SEO Efforts.. And you don't realise it!!!!
{{ DiscussionBoard.errors[1689005].message }}
- bgmacaw 14 years ago
  
  Originally Posted by TrafficMystic
  
  it's below versions 2.8.1 thats affected and vunerable
  
  Any site where the FTP is left open or has a weak password is affected and vunerable too.
  
  A plugin that's vulnerable to SQL injection could cause it too.
  
  Don't assume that just because you're on the latest version you're safe or that because you're on a earlier version you can be hacked easily.
  
  Thanks
  
  Signature
  Product Reviews | Earn Online Cash | Free HTML Templates
  Free WordPress Themes: Boring Memo | Dateless Mini-Site | Info Magazine | 100 Twenty-Ten Niche Headers
  Discount Templates, Graphics and Scripts: Templates for Website
  
  {{ DiscussionBoard.errors[1689089].message }}
Gene Pimentel 14 years ago

There is definitely something there that resembles a trojan. As soon as I clicked on the forum link to enter this thread, I got a warning from my antivirus software (avast) alerting me that there was a trojan embedded in an iframe in here.
- Thanks
{{ DiscussionBoard.errors[1689103].message }}
Houcem Rihane 14 years ago

I will delete the code.
I can't believe it works even if I paste in like this.
- Thanks
- 1 reply
Signature

...
{{ DiscussionBoard.errors[1689418].message }}
- Jeff Henshaw 14 years ago
  
  If you have some sort of 'malware' infection and you host your blogs, websites or whatever on third party hosting, it's hell on earth to clean everything up, from my experience.
  
  I had my Hosting Account suspended due to some sort of infection, which I can only assume got in via an installed script. Fortunately I always use at least three different hosting providers, so that I can function in an emergency - so not too much damage to the business - apart from the "Account Suspended" notice which appeared when using the domain names pointing to that account, until I redirected them!
  
  I have only had this problem once, thank goodness and as I am no hosting or server techie, it took me about three working days to go through every folder and file capable of holding 'malware' code, in order to clean up my server space. I got there in the end, but it was an eye opener to see how the rogue code embeds and tries to hide itself anywhere that it can.
  
  I only wish that the plonkers who create and distribute this stuff, would turn their attention to helping people instead of trying to bring people down.
  
  Anyway - I wish you the best of luck in cleaning up your situation and do remember to check your pc for malware and key loggers and once you are clean, change your admin passwords to your sites.
  
  Regards,
  Jeff.
  
  Thanks
  
  {{ DiscussionBoard.errors[1689489].message }}
digitalproductreporter 14 years ago

once you get things cleaned up you need to put the site in google webmaster tools and request a review

My site's been hacked - Webmaster Tools Help
- Thanks
Signature
{{ DiscussionBoard.errors[1689450].message }}
franclin 14 years ago

I just had it happen to me. I was lucky enough to take a screen grab but that was all. To see my screen grab go to three w's .epton.com/mallware/mall_ware_image.gif

The site was being redirected to estguard.com (google will stop you from going there and throw up the warning (the same one you will see in my screen grab.

PS: I tried to post the image but the forum said "To be able to post links or images your post count must be 15 or greater. You currently have 0 posts."

If anyone with 15 post would like to post the image in a comment please feel free to do so... and thanks.
- Thanks
{{ DiscussionBoard.errors[1705620].message }}

WARNING if you have a WP blog

Trending Topics

Newbie

How did you turn it all around?

Any thoughts on golf's latest phenom...Scottie Scheffler??

What's the Best IM-Related Skill to Learn Today That Can Help in the Future?

A healthy fascination for Hollywood...