Hi,
few days ago i tried to post an article and link it to another website and when i clicked on (the link icon) got an RED screen telling me that my site is an attack site and this was from google i believe i link that google reports that it is an attack was this
http://www.mysite.com/wp-includes/js
and only "js" !!
i looked over that folder and found that there was a new folder called "included" and that folder has file called crickweb and that file has many .html .jpeg .gif files !!! which i dont know how that one has been created !!
i deleted the crickweb file but left the folder (included) there
so guys do you believe that 2.8.2 has something ?
and how can i fix this ?
It's not WordPress 2.8.2 that has the problem. Someone's hacked/attacked your site and uploaded files to your wp-includes folder.
so do i have to remove this "includes" file !!
It's more likely that the hack was introduced before you moved to 2.8.2.
Check http://codex.wordpress.org/FAQ_My_site_was_hacked
does this look okay to you ?
its from .htaccess
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://mysite.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://webmail.mysite.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://webmail.mysite.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.webmail.mysite.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.webmail.mysite.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]
# BEGIN WordPress
# END WordPress
<Files 403.shtml>
order allow,deny
allow from all
</Files>
deny from 74.210.4.54
i fixed the malware thing just deleted that file "includes" from wp-includes
