elandgren

Friends,

I have recently been exposed to this attack.. and all of my sites were “hacked” or “exploited”. After reading and testing, I just want to share my experience in order to avoid these kind of things..

1) First of all, it is not a wordpress problem… it is your problem.
2) The attack is caused by a trojan that resides in your computer, 99% that you have windows.
3) This trojan stoles all your FTP credentials (and who knows what else), and are used to access your site accounts and modify your code, inserting an <iframe> in some cases. In other cases, these kind of virus insert a compressed javascript code.

Solution.

0) CHANGE YOUR FTP CREDENTIALS!! AS SOON AS POSSIBLE.
1) Backup everything & donwload hopefully to a clean computer.
2) Remove the trojan from your computer using a antivirus.. nevertheless, I finally decided to change my OS as I do not trust in antivirus and windows anymore.
3) Clean your code removing all iframes and jscript code that have been inserted by the trojan.
4) Check you databases and remove suspicious code from there too.
5) Upload your site again and pray.

I spent 2 weeks on this task, and I really feel that I have share this experience with everyone, as it is not well documented.