Support » Fixing WordPress » Iframe injection script

  • Resolved hmoran

    (@hmoran)


    Has anyone seen this script show up in the footer of your wordpress install? I have a few clients on WordPress and this script starting showing up today. It also causes the admin dashboard not to render correctly when you log in. has anyone figure out how to clean this out?

    Here the code that gets added to the bottom of the pages:

    [Removed – please post on http://wordpress.pastebin.com/ instead]

Viewing 6 replies - 1 through 6 (of 6 total)
  • Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    Sounds like a hack. You should review

    http://codex.wordpress.org/FAQ_My_site_was_hacked

    Also, next time, PLEASE post stuff like that on pastebin and not in the forums, so you don’t infect anyone else. http://wordpress.pastebin.com/

    Thread Starter hmoran

    (@hmoran)

    Thanks for the info. Looks like Pastebin is under heavy load. Will wait to post…

    Thread Starter hmoran

    (@hmoran)

    Ok, here is a link to the hackers code I am seeing at the bottom of my wordpress site: http://pastebin.com/Y9iBKkbx

    This code is showing up at the footers of my websites.
    here is one site you can see if you look at the footers source code.
    http://www.jwcgolfcarts.com

    Has anyone seen this?

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    Again, as I said, it looks like your SITE was HACKED. Read the hacked FAQ I linked to.

    Regardless of if we’ve seen that particular injection before, the cause is usually your site being compromised, so go get on that 🙂

    Thread Starter hmoran

    (@hmoran)

    Found the issue. one site on the server was hacked and hackers placed PHP code on one site which was pushing to all other shared hosting accounts. Once we suspended the account all code stopped. In the process of cleaning this up.

    FYI it was a MODX site that was hacked. Sorry not WordPress

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Advisor and Activist

    Alas, that would be the second most common cause I’ve seen (most common is a user with shoddy passwords/security behavior). Glad you found it!

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Iframe injection script’ is closed to new replies.