Hi there.
I've had someone maliciously inject code into my blog - http://www.royaltech.net in the headers
'[the usual spam links removed by moderator]'
How can I go about finding and removing, as I can't seem to find where it actually is!
Thanks
Malicious code in blog - but where? (6 posts)
-
royal
Posted 8 months ago # -
aguitta
Posted 5 months ago #I have the same problem, I found the first one in one of the comments, because of unfiltered html in comments. The other one though, seems to be tougher.
-
Hi,
1) Change FTP and wordpress account password..set it strong one..
2) upgrade wordpress to the latest version
3) do not install any vulnerable plugin and remove all unwanted pluginsassign 644 recursive permissions to themes folder..
Thanks,
Shane G.
-
Posted 4 months ago #Thank you Shane.
That made me feel safer. I actually had to pinpoint who was adding the malicious content. Basically it was java scrip of one of the authors. (Had a fairly imature conflict with another author and turned agresive towards the site). Added re-directs, large blank Iframes and some other Java mumbo Jumbo. Eliminated his user and all of his content, increased general security, tried wp-antivirus and well, website is running smoothely. A little less open, but safer. triquy balance, open and safe.
-
@royal: Check theme files and other wordpress files.
The links can be injected by some obfuscated php code, so search for strings like base64_decodeAnother good solution is to try the Wordpres Exploit Scanner plugin
http://wordpress.org/extend/plugins/exploit-scanner/
It should be able to locate this sort of malicious code. -
mcpatriot
Posted 4 months ago #I ran into a problem like this a while ago, and got rid of a "Wall" plugin that allowed anyone to post a comment. I haven't had the problem since.
Reply
You must log in to post.
