• xtremist99

    (@xtremist99)


    Today when I published a new post and reviewed the website after it, I saw “mybookface.net” being opened instead of my blog, I scrolled down and found that my blog was down there. After investigating the source code I found there was an <iframe> added to my main page. It was something like this..
    ```
    <iframe name="rotater"
    Width="100%"
    height="100%"
    frameborder="0"
    ifffff
    src="http://php2h.com/blog2/"
    marginwidth="0"
    marginheight="0"
    vspace="0"
    hspace="0"
    allowtransparency="true"
    scrolling="auto">
    </iframe>
    <!-- 399 310 772 188 121 747 908 375 658 989 471 891 842 282 539 788 863 399 310 772 188 121 747 908 375 658 989 471 891 842 282 539 788 863 399 310 772 188 121 747 908 375 658 989 471 891 842 282 539 788 863 526 640 917 51 415 140 573 716 965 688 395 829 76 810 801 733 244 95 205 283 488 189 705 173 743 574 947 608 694 973 886 298 223 449 99 309 936 432 209 623 454 pp2 --> <!-- post -->
    ```

    Now I don’t understand how to get rid of this, where am I gonna find this code and how to remove it. You can see my page to exactly get an idea how it looks.. http://definelove.000space.com/

Viewing 1 replies (of 1 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    You’re hacked. Using wget shows that it’s right at the top of your generated page just as you say.

    Look in http://wordpress.org/search/hacked?forums=1 for more info on compromises and exploits.

    You’ll need to clean out your blog installation as well as change your passwords. Try to find out how this got on your system; if you don’t close that door, it will be back again.

    See boiler plate response below.

    Read this

    http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/

    And then read it again.

    Read this too

    http://codex.wordpress.org/Hardening_WordPress

    Upgrade to the latest version if you have not already. You need to see if there are any users added to WordPress that you don’t know about/don’t belong there.

    You need to go through your files and find where the spammy links are being added. If it’s in wp-config.php or some other file, you’ll need to make sure that is cleaned up before you can consider yourself good file wise. Look everywhere and use fresh copies of your WordPress installation, plugins, and themes.

    Look at your posts and comments and see if there are any spammy links there. You can export your whole blog to WXR and then examine the whole thing in your favorite text editor.

    Look at your server’s log files. If you are on a shared server, get help from your provider. You need to identify if this was a compromise of WordPress or your server. If you do not identify the entrance through which the attacker got in, odds are they will be back.

    Once you have cleaned up your hacked blog, harden it so this does not happen again.

    Good luck.

  • The topic ‘mybookface.. virus or what?!!’ is closed to new replies.
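
The file and export search described in the reply above, as an added example that is not part of the original thread: it walks a local copy of the site (a WXR export saved as `.xml` included) and reports every `<iframe>` whose `src` host is not on an allowlist. The function names, the allowlist and the three sample files are constructed for illustration; only the `rotater` iframe comes from the post.

```python
import os
import re
import tempfile
from urllib.parse import urlparse

# Opening <iframe ...> tag; [^>]* also spans newlines between attributes.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
# src value, quoted with straight or typographic quotes, or unquoted.
SRC_RE = re.compile(r"""\bsrc\s*=\s*["'\u201c\u201d]?([^\s"'\u201c\u201d>]+)""", re.I)
SCAN_EXT = (".php", ".html", ".htm", ".js", ".xml")  # .xml covers a WXR export

def iframe_hosts(text, allowed_hosts):
    """Return (line, host) per iframe not allowed; host None = relative or no src."""
    hits = []
    for tag in IFRAME_RE.finditer(text):
        src = SRC_RE.search(tag.group(0))
        try:
            host = urlparse(src.group(1)).hostname if src else None
        except ValueError:
            host = None
        if host is None or host not in allowed_hosts:
            hits.append((text.count("\n", 0, tag.start()) + 1, host))
    return hits

def scan_tree(root, allowed_hosts=frozenset()):
    """Map relative path -> hits for every scannable file under root."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(SCAN_EXT):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = iframe_hosts(fh.read(), allowed_hosts)
                if hits:
                    report[os.path.relpath(path, root)] = hits
    return report

def demo():
    """Scan a constructed tree: injected theme file, allowed embed, WXR export."""
    samples = {
        "index.php": '<?php ?>\n<iframe name="rotater"\nsrc="http://php2h.com/blog2/">\n',
        "page.html": '<iframe src="https://www.youtube.com/embed/x"></iframe>\n',
        "export.xml": '<![CDATA[post\n<iframe src=//ads.invalid/a></iframe>]]>\n',
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root, allowed_hosts={"www.youtube.com"})
```

A hit only tells you where the markup is rendered from; if the same iframe reappears after restoring fresh files, the code that writes it is still somewhere on the server or in the database.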