[resolved] Iframe injection script (7 posts)

  1. hmoran
    Posted 4 years ago #

    Has anyone seen this script show up in the footer of your wordpress install? I have a few clients on WordPress and this script starting showing up today. It also causes the admin dashboard not to render correctly when you log in. has anyone figure out how to clean this out?

    Here the code that gets added to the bottom of the pages:

    [Removed - please post on http://wordpress.pastebin.com/ instead]

  2. Sounds like a hack. You should review


    Also, next time, PLEASE post stuff like that on pastebin and not in the forums, so you don't infect anyone else. http://wordpress.pastebin.com/

  3. hmoran
    Posted 4 years ago #

    Thanks for the info. Looks like Pastebin is under heavy load. Will wait to post...

  4. hmoran
    Posted 4 years ago #

    Ok, here is a link to the hackers code I am seeing at the bottom of my wordpress site: http://pastebin.com/Y9iBKkbx

    This code is showing up at the footers of my websites.
    here is one site you can see if you look at the footers source code.

    Has anyone seen this?

  5. Again, as I said, it looks like your SITE was HACKED. Read the hacked FAQ I linked to.

    Regardless of if we've seen that particular injection before, the cause is usually your site being compromised, so go get on that :)

  6. hmoran
    Posted 4 years ago #

    Found the issue. one site on the server was hacked and hackers placed PHP code on one site which was pushing to all other shared hosting accounts. Once we suspended the account all code stopped. In the process of cleaning this up.

    FYI it was a MODX site that was hacked. Sorry not WordPress

  7. Alas, that would be the second most common cause I've seen (most common is a user with shoddy passwords/security behavior). Glad you found it!

Topic Closed

This topic has been closed to new replies.

About this Topic