WARNING - New sort of hack or exploit (8 posts)

  1. Folreg
    Member
    Posted 2 years ago #

    Today I checked my WordPress site and got some phone calls from customers. A virus scanner blocked the sites of my customers. It is named: JS:Iframe-UZ [Trj]

    So I checked - and I found this in the header.php of my themes.

    [Code moderated. Please do not post hack code blocks in the forums.]

    I can't find any news or info about this exploit on Google or WordPress news sites. But I got this hack/exploit on my WordPress installs with the latest WordPress version and updated plugins. And totally secure chmod and all the security measures and so on.

    I use different themes and 5/10 got the exploit/hack in the header on different servers. So I want to warn people: please check your WordPress theme.

  2. esmi
    Forum Moderator
    Posted 2 years ago #

  3. Folreg
    Member
    Posted 2 years ago #

    OK, thank you. Still, it's the default moderator reply...

    No update about this? My sites are secure like Fort Knox..

    And I'm not happy with this idea.. it's still insecure..

  4. esmi
    Forum Moderator
    Posted 2 years ago #

    The fact that your site was hacked does not mean that there is a security issue with WordPress core. It is specific to your sites and/or servers.

  5. Folreg
    Member
    Posted 2 years ago #

    I got 5 default WordPress installs. On 3 different servers.. And all got the same thing in the header.

    And I got a msg from a friend who got 3 sites now with this exploit in the header.php.

    So really it's specific..

  6. So really it's specific..

    Not necessarily, it could be that you're just repeating the same insecure setup on different servers. That's not me being harsh or obtuse, but aside from WordPress you may want to identify the common denominator(s) between you and your friend's installation.

    OK, thank you. Still, it's the default moderator reply...

    That default response is offered because it's complete and thorough. There's no shortcut to delousing an infected server/WordPress installation. It's a lot of work and getting through that reading material can help you get out of the jam you are in.

  7. wolfdent
    Member
    Posted 2 years ago #

    I woke up this morning with this problem. It seems to be a new and annoying hack or worm, whatever you want to call it... script... Anyway, the only thing that helped me was to erase my WordPress installation and install it again. I'm actually learning about WordPress so I had nothing on my site. So if you have a backup, delete your site, install again and upload your data. It's easier, at least for me it was. I think the only good thing out of this is to make backups every day.

  8. MickeyRoush
    Member
    Posted 2 years ago #

    @ Folreg

    Are all your sites with the same host? You mentioned different servers, but are they the same host?

Topic Closed

This topic has been closed to new replies.
