WordPress.org

Ready to get started?Download WordPress

Forums

Santy worm (9 posts)

  1. Cilibrin
    Member
    Posted 9 years ago #

    Just spent the evening cleaning the Santy worm from my forum at http://www.cilibrin.net/rolldice

    Problem is my .php and /html files are affected in WordPress and Gallery.

    Does anyone have any advice about cleaning up the files?

    My WordPress blog is located at http://www.cilibrin.net/blog

    Many thanks all!

  2. James
    Happiness Engineer
    Posted 9 years ago #

    The best advice would be to restore everything with your most recent backup.

  3. Cilibrin
    Member
    Posted 9 years ago #

    And if I can't restore to an older vesion?

  4. James
    Happiness Engineer
    Posted 9 years ago #

    If I got hit by Santy, if I didn't keep weekly backups (which I do), and knowing the damage that Santy can cause, I'd start over from the beginning and get in the habit of keeping regular backups. Sorry.

  5. Cilibrin
    Member
    Posted 9 years ago #

    I just copied over all my old files with the latest version of wordpress. My files are cleaned up, but when I load the http://www.cilibrin.net/blog page, I'm still getting two <iframe> references in the page source.

    What would I cleanup to remove those <iframes>?

    Any yes, you're right about regular backups. Lesson learned.

  6. James
    Happiness Engineer
    Posted 9 years ago #

    Any reference to iframes would be in index.php. Since you're using the default index.php, replace that with the one from the WP download as well.

  7. Cilibrin
    Member
    Posted 9 years ago #

    I did replace the index.php with a default from the WP downloads. Still getting the <iframe>. Take a look at this url, and you'll notice the browser is also trying to load other domains: http://www.cilibrin.net/blog

    As far as I can tell, I've stripped the iframe script from every .php, .html, etc. page. Not sure what else to do...

    Any reference to iframes would be in index.php. Since you're using the default index.php, replace that with the one from the WP download as well.

  8. James
    Happiness Engineer
    Posted 9 years ago #

    Well, what I'm seeing here is that you haven't replaced all of the WordPress files. Give it one more shot. Except, this time delete the files off of your server first, then upload all of the files from a fresh WP download. Overwriting files via FTP leads to incomplete transfers.

  9. Cilibrin
    Member
    Posted 9 years ago #

    Thanks. I'll delete the directories and upload, instead of overwriting. Many thanks...

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.