Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)
  • It should also be noted that I do allow both user registrations and comments on these blogs, but require moderation for comments. Had not seen anything fishy when approving comments. Should I turn off user registrations?

    Alright, here is some more information from my end in hopes that it can help things.

    I had an issue in the past with the iframe injection into a couple of my blogs (back then I had only about 8), I removed the code and upgraded to the newest version of WordPress. Unfortunately I only documented the code and not the actual sites that it was found on. This was probably 4-6 months ago and since had not had any issues until last week.

    Most of my blogs hold position within Google for terms that get me sales on a daily basis. At the beginning of last week I noticed a drop in sales, and upon searching on Google noticed a link underneath my blog saying “This site may harm your computer”. Upon looking further into it I realized that someone had once again injected code into my posts.

    I removed it, upgraded to 2.5, asked Google to reanalyze my site, and about 5 days later the link was removed and I was back to business (or so I thought). During this time frame, I upgraded my 170+ WordPress blogs to 2.5 (a MAJOR pain in the butt), and scanned posts on the others to make sure the code had not been injected. After the countless amount of hours spent, I assumed I had solved the issue. Well the past two days I noticed a decrease in my main money making blog, and upon checking Google I saw the damn “This site may harm your computer” link again, this time on a new site which had never had it before.

    I am positive the code was not there last week when I upgraded to 2.5, and was injected since. Searching around on Google I cannot seem to find much information on how to resolve the issue, which is how I happened upon this page. When potential customers click my site, it takes them to a Google page warning them, so I essentially lose ALL of my sales during the down time. I am pissed to say the least.

    When I went through the sites checking posts and upgrading to 2.5 I notated the ones which had been injected, and going through them the only plugin that they share would be “Google XML Sitemaps by Arne Brachhold”. Could this be the issue? That I have the sitemap files set to CHMOD 666?

    So, the blogs which were injected, were upgraded to 2.5 from a previous version of WordPress. I will have to start the time consuming process of manually checking the posts on all 170+ blogs again to see if any others are compromised.

    This is costing me a ridiculous amount of money, I would appreciate any input on how I can secure these blogs and resolve the issue, which is why I provided so much. I will check back often so if you have any questions regarding my situation I will happily answer them.
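The manual post check described above can be scripted. The following is an added example, not part of the original post: it assumes post bodies have been exported from each blog's `wp_posts` table as `(blog, ID, post_content)` rows, and the hidden-frame heuristics, sample rows and `.example` hostnames are constructed, since the post does not show the injected code.

```python
from html.parser import HTMLParser
import re

# Styles and sizes that make an embedded frame invisible to a visitor (assumed heuristics).
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = {"0", "1", "0px", "1px"}

class FrameFinder(HTMLParser):
    """Collects iframe tags and external script tags found in one post body."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <IFRAME SRC=...> is caught too.
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            hidden = (bool(HIDDEN_STYLE.search(a.get("style", "")))
                      or a.get("width", "").strip().lower() in TINY
                      or a.get("height", "").strip().lower() in TINY)
            self.findings.append(("hidden-iframe" if hidden else "iframe", a.get("src", "")))
        elif tag == "script" and a.get("src"):
            self.findings.append(("external-script", a["src"]))

def scan_posts(rows):
    """rows: iterable of (blog, post_id, post_content). Returns one tuple per flagged tag."""
    flagged = []
    for blog, post_id, content in rows:
        finder = FrameFinder()
        finder.feed(content)
        finder.close()
        flagged.extend((blog, post_id, kind, src) for kind, src in finder.findings)
    return flagged

# Constructed sample rows standing in for an export of wp_posts from two blogs.
SAMPLE_ROWS = [
    ("blog-a.example", 12, "<p>Review of the new widget.</p>"),
    ("blog-a.example", 31, '<p>Old post</p><IFRAME SRC="http://injected.example/x" '
                           'width=1 height=1 style="visibility: hidden"></IFRAME>'),
    ("blog-b.example", 7, '<p>Video:</p><iframe src="http://video.example/embed/1" '
                          'width="560" height="315"></iframe>'),
    ("blog-b.example", 9, '<p>Hi</p><script src="http://injected.example/a.js"></script>'),
]

if __name__ == "__main__":
    for hit in scan_posts(SAMPLE_ROWS):
        print(hit)
```

Visible iframes are reported separately from hidden ones so that legitimate embeds can be reviewed and dismissed quickly, leaving the hidden frames and external scripts as the posts to clean first.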
