swebbILMy wife's site was hacked over the weekend, which we just discovered today. I spent several hours going through the FTP log files and identified several specific php and index.htm files that were changed at a specific time on Sunday to include certain code which generated javascript code at the bottom of the HTML files when viewing the site.
I removed the code from the php files and have successfully tested the site in Chrome Browser, and every page appears completely clean (using view source confirms no script appears at the bottom). However, when I go to the site in IE or Firefox it still appears with the javascript and attempts to force a download of a trojan virus.
Now here is the really weird part. If, still in IE or Firebox, I log into the wordpress admin panel, go to 'Pages', and then click "View", it brings up the site totally normal. I can click through all the pages and none appear with the malicious javascript at the bottom.
I've been able to repeat this everytime and it just doesn't make any sense to me. Clean in Chrome, Still affected in IE & Firefox, but Clean in IE & Firefox IF I go through the Admin Panel.
Please someone have an idea to help...
MickeyRoush
