I get the same message. Does someone have a fix?
There is a fix but it’s different for every install. These hackers got sneaky. If you have TimThumb installed in your theme, you might get this virus.
Read this:
http://wordpress.org/support/topic/iframe-hack-3
@coolguygreg clear out the cache in Chrome after you have cleaned your WP install
I have the same issue. Sucuri indicates that my jquery file and another file are infected; also, when I downloaded my backups to Windows, my antivirus detected infections in 2 PHP files.
Malware found on javascript file:
http://****.com/wp-includes/js/jquery/jquery.js?ver=1.6.1
Malware found on javascript file:
http://*******.com/wp-includes/js/l10n.js?ver=20101110
Backdoor:PHP/Merview.A
\wp-admin\common.php->(SCRIPT0000)
\wp-admin\js\config.php->(SCRIPT0000)
Can also confirm that I have timthumb in my WPZOOM theme.
Could someone please email me too? I really need a walk-through to deal with this.
Thanks!
Andrea Rennick
(@andrea_r)
Customer Care at Copyblogger Media and Studiopress
And also change your FTP passwords. If they get into the server itself, it does not matter how secure WP is. They can get to your files like you can.
Also moving this out of the multisite forum.
@magzparmenter you can do it! Follow these instructions. It can be overwhelming but a fresh install later and clearing out your browser’s cache will be a huge help.
http://wordpress.org/support/topic/iframe-hack-3?replies=42#post-2290168
FOLLOW THAT LINK!!!
I agree with Jorge, the best way to ensure your site is clean is to back everything up and start fresh and load everything back one at a time while testing to make sure what you are putting back works properly.
I know this sounds awful, but I’ve never done anything like this before. How do I get a backup that won’t also be infected?
@magzparmenter
You download EVERYTHING (the new WP install and all your plugins) from WordPress.org and if you’re using premium themes, make sure they’re not running the TimThumb image resizing library.
IF YOU DO RUN TimThumb, make sure your server (localhost) is the only domain that can write into your directories. You can do that by opening up /timthumb.php or /thumb.php in your theme and configuring it not to allow remote access.
EDIT: I have never used TimThumb for anything! WordPress has built-in features and support to resize images and serve up image thumbnails on the fly. To me, it’s a lot easier to use the_post_thumbnail function. That’s just me though.
TimThumb has been updated to fix the security hole, so you need to go into your theme directory and replace timthumb.php with the new one from here:
http://timthumb.googlecode.com/svn/trunk/timthumb.php
More info:
http://www.wpzoom.com/forum/viewtopic.php?f=21&t=5080
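An added example, not part of the original thread or any poster's code: a read-only Python check that looks for the two wp-admin files the antivirus report above flagged and for TimThumb copies (timthumb.php or thumb.php) under wp-content, reporting whether each copy still appears to allow remote sites. The `$allowedSites` and `ALLOW_EXTERNAL` patterns are assumptions about TimThumb's source used as heuristics, and the function names are hypothetical.

```python
import re
from pathlib import Path

# File names the thread gives for TimThumb copies inside a theme.
TIMTHUMB_NAMES = {"timthumb.php", "thumb.php"}
# Paths the poster's antivirus flagged as Backdoor:PHP/Merview.A (from the thread).
REPORTED_BACKDOORS = ["wp-admin/common.php", "wp-admin/js/config.php"]

# Heuristics for the remote-fetch settings in TimThumb source (assumed names:
# the $allowedSites array in 1.x, the ALLOW_EXTERNAL constant in 2.x).
ALLOWED_SITES = re.compile(r"\$allowedSites\s*=\s*array\s*\((.*?)\)\s*;", re.S)
ALLOW_EXTERNAL = re.compile(r"define\s*\(\s*['\"]ALLOW_EXTERNAL['\"]\s*,\s*(\w+)", re.I)

def remote_fetch_status(source: str) -> str:
    """Classify a PHP source string by whether remote image fetching looks enabled."""
    m = ALLOW_EXTERNAL.search(source)
    if m:
        return "remote-enabled" if m.group(1).lower() == "true" else "remote-disabled"
    m = ALLOWED_SITES.search(source)
    if m:
        # A non-empty whitelist means remote hosts can still be fetched from.
        return "remote-enabled" if m.group(1).strip() else "remote-disabled"
    return "unknown"  # not recognisable as TimThumb; review by hand

def audit(wp_root):
    """Return (finding, relative_path) tuples for a WordPress directory tree."""
    root = Path(wp_root)
    findings = []
    for rel in REPORTED_BACKDOORS:
        if (root / rel).is_file():
            findings.append(("reported-backdoor-path", rel))
    content = root / "wp-content"
    for path in sorted(content.rglob("*.php")) if content.is_dir() else []:
        if path.name.lower() in TIMTHUMB_NAMES:
            status = remote_fetch_status(path.read_text(errors="replace"))
            findings.append((f"timthumb-{status}", path.relative_to(root).as_posix()))
    return findings

if __name__ == "__main__":
    import sys
    for kind, rel in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{kind}\t{rel}")
```

Run it against a downloaded copy of the site; a clean result here does not replace the fresh reinstall the posters recommend, since it only checks the locations named in this thread.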
OK, so Sucuri now says my site is clean…but half of my images aren’t showing up!
I stupidly deleted TimThumb and now I can’t get it back and not sure what to do…although, I have an Elegant Theme and they said they don’t use TimThumb anymore because of its known vulnerabilities (no kidding!!)
Grrr….grrrr…..grrr….
Hey troops,
I got this off a Slider plugin but I still got an error message with:
http://*******.com/wp-includes/js/l10n.js?ver=20101110
Is it just the plugin that is knackered or something else?
Just asked the server boys to rinse it out and hopefully that will work. The plugin incidentally is called ‘Easing Slider’ by Matt Ruddy.
Anything else I need to do?