Support » Fixing WordPress » WordPress 3.0.1 Intrusion through TinyMCE

  • I have just had 2 WordPress sites hacked by the addition of two files into the /wp-includes/js/tinymce folders and the insertion of HTML into the publicly facing files referencing those new files.

    Here is the HTML found after the <body> tag:
    <ads><script type=”text/javascript” src=”/wp-includes/js/tinymce/utils/drb-slider.js.php”></script></ads>

    The other site referenced this file:

    These two files, drb-slider.js.php and jquery.rating.js.php are, of course, not part of the TinyMCE package that comes with WordPress, yet these files were inserted nonetheless in the attack. They contain rather nasty looking scripts that reference content on the IP address listed in this Norton warning:

    Has anyone encountered this intrusion before? How would one go about preventing this from happening again?

Viewing 1 replies (of 1 total)
  • I discovered a similar problem. I was alerted that my site was serving malware from and from

    I couldn’t find anything through a direct search of the code, however when I ran a ClamWin antivirus scan it discovered the following file as being an infected file.


    I think this post is about a similar problem.
    Trying to solve virus/malware problem

Viewing 1 replies (of 1 total)
  • The topic ‘WordPress 3.0.1 Intrusion through TinyMCE’ is closed to new replies.