1.5.1.3 upgrade to 1.5.2– best method?

Please look at your last thread about this matter.

And in answer:
https://www.ads-software.com/support/topic/41866
and you do not need to run upgrade.php

Hey Podz,

Thanks for your upgrade advice. Seems to work like a charm. Since I have this ‘issue’ arising now again, two questions:

1. What is it?
2. Should I store a back up of this install, so that when it happens again, I just reinstall?

1. If you don’t know what it is – meaning if you did not put it there – get rid of that code. Use a new wp-config.php file from a fresh download.

2. Backup anyway – they are good things to have. Esp the database.

How did you install wp the first time ?

TheOneAndOnly,
I figured out the code by having Javascript echo to me the result of that function. Basically, it is code to obscure the text that it is writing to the browser. If you didn’t put it there, someone else has write access to your wp-config.php

the iframe just holds a stat image… the person who put it in your wp-config.php must want that image to get a lot of hits, for some reason. Either that, or they’re trying to do something worse, but don’t know what the heck they are doing. You’re fortunate that this is the worst they did… they could destroy your blog, steal your passwords, or worse. This very likely happened because you’re on a shared server. It would help if you told me where your website is, because I can see whether or not you and that other site are on the same server, and then you’ll have someone to report to your host.

Anyway, you can help protect yourself by changing the permissions on wp-config.php 644 permissions should be safe. They’re probably 755, 766, or 777 right now.

Use your FTP editor to do this… it’s different for each one… but usually something along the lines of “right click file” and then “CHMOD” and then selecting 644 permissions.

At any rate, tell your host what happened and give them both the javascript you showed me and the iframe html that I translated it into.

I’m suspecting a hack myself. The reason why is that my PHP board ALSO has a problem. C’mon, three blogs AND a php board on the same day? I’m not sure it’s malicious as much as a worm or something on a shared server space from iPowerWeb.com.

My site blogs have been fixed. Here’s one fixed blog:

https://www.macliberals.com/saucyblog/

Here’s a forum which is still screwed up, since I just discovered it and haven’t fixed it yet.

https://www.macliberals.com/v-web/bulletin/bb/viewforum.php?f=1&sid=53a2c347ef40a386e2f9761e17a0f1fa

You should see a ton of error messages up top…

Having difficulty making the CHMOD thing happen, but will keep you posted.

Of note and weird: if you look at that first link, directly below the AppleSaucy logo is a tiny black triangle. That’s not supposed to be there, and has been gained since my fix. (Although it may have been there before my fix, but definitely arrived with these issues.)

Now if you go to my second link, scroll down a little. Under the HOMEPAGE image link but above the beginning of the forum rests another one of these triangle/square things.

In fact all my blogs now have it.

????

EDIT: I can only see these triangles in FIREFOX. SAFARI doesn’t show them. I got paranoid, investigated, and surprise surprise this javascript batch of numbers appears within nearly everything. For instance, it resides in sidebar.php.

I doubt a human manually hacked this, for it would take hours. I believe it’s a script of some sort. Worm. Whatever.

Podz,

This code was discovered a year ago at PHP’s forums. It’s a virus or trojan. Annoying. Trying to figure out what to do next.

More info:

https://www.phpbb.com/phpBB/viewtopic.php?t=241811