Do you have installed the wordpress autoresponder plugin?
No. I only have a few plugins running :
Contact Form 7
DiggDigg
Google Analytics
Google XML
NextGEN
Widget Logic
Your site is hacked. Now I have a client that has the same problem.
If you look at the source code of your site you can see that image insertion after the end of html tag. I though it was from that autoresponder plugin because it has some encrypted php code in it.
As I see, client uses:
Contact Form 7
Google Analytics
Google XML
and
NextGEN
If you want to remove that image you can find it in index.php file.
I will have a closer look to see If I can find the source of the hack.
If you put others websites on that server, all of them will be attacked, only your current wordpress site will work. That tells me that can be a problem with a wordpress plugin. We will see, maybe someone discover the solution faster than us!
Oh.. I hope someone finds out the source of the hack..
I will try and fix the issue as you told.. Thanks a lot.
I removed the link from the index.php page and it works now. Thanks.
Yes, but unfortunately the hack is still there. Update WordPress and update all your plugins.
Hi!
I’m from Brazil and I also had the same problem (code “img” inserted after tag “<\html>”). But it did not happen only with my wordpress blog, but also with other sites that I have.
:/
I don’t know yet the cause of this problem 🙁
Maybe if you have more details. Give us a list of your plugins
Everything shows as updated, so it is not letting me update. There’s an option to reinstall WordPress. Should I do that? Will my data be saved?
Hi,
I’ve notice the same hack problem on my ftp. Something added that <img /> tag in most of index.php files on the server, created .log/ directories and put few .php and .htaccess files like “girl.php” “southpark.php” etc with some mod_rewite rules in .htaccess. I don’t have the exact source code, because I’ve deleted it as soon as I spotted it.
I had an older version of WP installed in subfolder of my server, but I’ve never published it. Whole attack took place on the 21st of April.
Hope you get some more info on that crap and help to identify the source.
Best regards
Batat
I don’t have much experience with PHP. My site is new, so I think it might be better for me to just delete everything and start over. Remove the WordPress installation, delete the folders, delete the database and just reinstall everything.. But what if it is a plugin which is causing all this.. Then it’ll just happen all over again =(
Checking Google Analytics, I can see that all the visits were from my city (most probably all by me), so I’m wondering if the culprit is a plugin, or something on my computer…
Very easy to figure out if is from your computer. You’re a designer, but maybe you have Dreamweaver or other editor. Open the editor, create a new html page, write something in the body of that html file and save it. If you have Dreamweaver write something in design mode. Save it, close,open it again and you will see if the malicious code is there. If is there don’t forget announce here!
Hmm I’ll try that right now..