WordPress.org

Ready to get started?Download WordPress

Forums

Iframe Injection Malware (10 posts)

  1. SocialStalker
    Member
    Posted 1 year ago #

    Hi all,

    Google has detected 32 pages on my site thesocialstalker.com that injects malicious iframes. I was trying to solve this several times but every time I think I fixed this Google detects another page. Also, when I scan the reported pages I get a notice says there is no malware in those pages although sometimes it does. I've installed almostevery recomended plugin and I've searched for malicious code in all of my htaccess and index.php files including some other files and found no sign for the code. I read tons of references and articles and tried everything but Google sticks to their story. Here is an example of a reported page: http://thesocialstalker.com/follow-the-us-army-on-pinterest-usarmy/the-us-army-fb-timeline-cover/
    Scan by Sucuri: http://sitecheck.sucuri.net/results/thesocialstalker.com/follow-the-us-army-on-pinterest-usarmy/the-us-army-fb-timeline-cover/

    Please help me and please don't just link to other general articles I have probably already tried them.
    Thank you very much I appreciate your help!!!
    Stalker

  2. esmi
    Forum Moderator
    Posted 1 year ago #

    You don't seem to be removing all of the hacker's code from your site - which means that the hacker just walks straight back in again. See http://ottopress.com/2009/hacked-wordpress-backdoors/

  3. cjchamberland
    Member
    Posted 1 year ago #

    The code is still being injected in your site, there is an iframe within this div tag: < div class="z9dxj7s7wd">....< /div>

    Since you aren't able to locate the backdoor, have you considered completely wiping your server and installing a new clean wordpress install? In a case like this where you aren't able to locate the problem, that would be your best solution.

  4. Tristan123
    Member
    Posted 1 year ago #

    I have had the same problem since I started my small business 2 years ago.

    Every few weeks I'm getting messages saying there is malware on my wordpress sites. Today it has javascript malware. It's got to the point where it is taking too much time to deal with than it's worth and I might just find a nice html theme instead.

    The frustrating thing is that you can search forever and a day for generic links but there is no simple fix for it. Completely wiping my server isn't a simple thing to do at all.

    It's a shame there isn't a simple, watered down version of wordpress for people like me that don't require the blogging features of wordpress but just want a nice simple site they can add pages to and put a nice looking theme on that was more secure.

  5. esmi
    Forum Moderator
    Posted 1 year ago #

  6. Tristan123
    Member
    Posted 1 year ago #

    Thanks for the list of links. I don't have the technical knowledge to change MySQL users passwords and I'm really not up for wiping the lot and starting again as I did this a few months back.

    Also, the "injected malware" comes and goes without me actually doing anything, so it's difficult to look through the files etc to try to catch it. For example this morning when I got to work, sucuri.net was showing that my site was infected, now without changing anything it's saying that it is clean. This has happened a few times.

    As I don't need any blogging features then I'm off wordpress until either they make it more secure or I am able to fix the problems easier when they do arise.

  7. esmi
    Forum Moderator
    Posted 1 year ago #

    Did you read the page at the last link I posted above?

  8. Tristan123
    Member
    Posted 1 year ago #

    Yes, it says a user of wordpress should be an expert in it. I am exactly the type of person that they are talking about, a normal everyday user that doesn't have the time or energy to learn about php or web security.

    Probably my fault for assuming that i could install Wrodpress, add a theme, make my site look nice, and expecting it not to be hacked every week.

  9. esmi
    Forum Moderator
    Posted 1 year ago #

    it says a user of wordpress should be an expert in it.

    Ignorance is a curable disease. ;-) anyone can become a WP expert with time and practice. In the meantime, these forums are here to help.

    expecting it not to be hacked every week.

    That's a very valid assumption to make. The problem is that, once your site has been hacked, it is imperative that you remove every trace of the hacker's work. Otherwise they'll just walk straight back in again. I suspect this is what has happened in your case. Either that or you have unfortunately used a very insecure hosting company.

    Have you looked at creating a site on wordpress.com instead. Less flexibility but also far less hassle compared to running your own site. Have a look at http://en.support.wordpress.com/com-vs-org/

  10. perezbox
    Member
    Posted 1 year ago #

    Oh hey, just saw this, sorry for the delay.

    You need to query your database. If you have wiped and gone through your files in detail then you need to try querying your database, willing to bet its in there. It's likely embedded there and reinfecting your files. The other thing to check are the neighboring sites or files above the web directory.

    While there is no silver bullet you might be reaching a point where you should seek help.

    Cheers.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags