MrMarco

Since I can’t get into the admin backend AND assuming the problem is with the technotags plugin… can I simply remove the plugin through my ftp client without disabling it first to see if that clears up the problem?

Sorry Michael – I thought that was the latest… I’ll upgrade as soon as I can.

But when I do login the only thing that appears on the screen are the error messages and none of the backend stuff.

Michael – Thanx for the reply but I do have the latest version uploaded.

Thanks, I hope it will be ok. I made some modifications and if I can remember all of them, no problems. Operative word is IF. lol

Maybe try clearing the cache in your browser…
I’m not sure but that may be it.

kirker62 – I was going to upgrade from 2.0.3 to 2.0.4 and I thought the upgrade might affect some of the hacks I did to the template… color changes, banners, etc.

Did you find you had to redo somethings after the upgrade?

*UPDATE*

It seems more and more that the culprit is the template itself. Seems it has a counter attached and the trojan is part of it. I’m going to trash the template… contact the dude who made it… and try to find another one I like.

…Oh the drama! LMAO

lol – I guess that’s not the way to italicize the text here.

Spencer – First, Congratulations on 5 1/2 months bro! Second I did send them an email with Podz quote, I’ll let you know their response.

Here are a couple of quotes from their emails:

[i]”I noticed you also have a link to zipped content. You may want to try cleaning up your templates to determine where the exploit is in the template.”[/i]

[i]”Wordpress dynamically generates your page when your page loads. All your index.php has on it is:

<?php
/* Short and sweet */
define(‘WP_USE_THEMES’, true);
require(‘./wp-blog-header.php’);
?>

From the above code your page is generated each time a surfer hits it. Somewhere during the page generation process that javascript is being inserted in with the html. Try using a new template with the minimal features to see if you can determine where the actual exploit is. Try just a basic page with some text on it and then view the source to see if the javascript was inserted.”[/i]

Spencer – Thanx for the reply. All my folders, including index.php, are in fact 755 but the files are 666. The exceptions are, photos folder and uploads folder both at 777. I know this is not great.

I also have zipped downloads. Would they be the possible culprit? If I remember correctly the chmod needed to be changed for those 2 folders to get the feeds.

I have changed the photos folder back to 755. I cannot change the uploads folder to 755. I get the following error:

FTP error: SITE CHMOD command failed. (uploads)

I need a drink!

An email I just received from my hosting company said this about the problem:

“It’s an exploit in the wordpress code. When the php dynamically generates your index page it is getting that javascript inserted.”

Hopefully one of you guys understands what that means. I kind of understand it but I have no idea what to do about it but come here and ask.

Thanks again,
Marco

Joshua – Thanx. I’ve seen those files and thought the same thing.

But now… What do yoou mean “Point your link to your wordpress/feed/”

See, I am a simpleton in regards to this stuff. LOL

Also, will that upload entire articles to my site permanently or just revolving links?

Thanx again

podz… I’ve tried what you suggested and it does seem to allow me to write in the post area, sometimes, and even when I can get the text into the post area I cannot publish. When I try I get the same error message. Even if I type it directly into the html source.

Just a thought though… It is a health website which will include the word “curl” for an exercise. If that is it, what might I do to circumvent the issue in the future?

Thanx podz – I’ll give that a go.

Philip – You had to ask me to think, didn’t you? lol
I didn’t have anything in particular in mind but after you mentioned it my mind started spinning… So I sat down and had a drink.

Seriously, I’ll think of somethings and see what comes out. If it happens to be decent I’ll let you know.