Iframe Malware in Wordpress

by JustBeachy on August 14, 2008

So, apparently, those comments and emails I received actually were a real issue? I was playing with my site today when I should have been working, and I upgraded to Firefox 3.0. When I did this, the next time I viewed my site I got a great big black screen with a Big Red Warning that my site might be infected. This was after I upgraded to 2.6 and imported my posts back in. The script was actually in my posts.

I guess google is doing this big campaign, and at the same time, wordpress was having a security issue with some of its versions, and I guess if someone knew what they were doing they could register on your blog then infect your posts with a hidden iframe script? I remember a few months back some jibberish registering as a user .. I was nice enough to even send them an email to tell them there was no need to register (and that I had deleted it), and if anything were private only, only friends and family would be allowed to view it. bastards. I don’t know if wordpress fixed the deal, but I guess if you turn off anyone can subscribe than you are secure? (hopefully)

Anyway, I found two iframe scripts in two different posts and deleted them. I then found a site where you could check do a check for parasites and it kept bringing up a hidden iframe almost the same as the deleted items? I ended up exporting my post into a text document and then searching for the “traffic statistics.” It brought up both the deleted script and also two other auto saved / revision posts that had the hidden script in it.

I deleted both posts and my site tested clean. What a big pain in the ass this has been today.

Here I am wanting to make my new template all pretty pretty, and I have to spend the whole day figuring out how to find crap I have no idea how to find. Google is great at telling you you have a problem and then they get all technical and dont really tell you what or how to get rid of it. Also..It would have been really nice as a subscribed google account holder, if they would have notified me that my site may be infected instead of just slapping a big ole Risk sticker on my site. Google’s taking over the internet and wow, we have no recourse.

Bottom line for me is to keep my wordpress software current with each revision and subscribe to the rss the feeds.

I really just wanted to post this here in case someone else like me is flagged and is searching “mostly to no avail” about what it is and how to fix it.

You can enter my site now :)

{ 1 comment… read it below or add one }

1 Wendy 08.15.08 at 4:06 am

Glad it’s all clean now … must be the virus my software was finding when I visited here.

Sorry you didn’t get to make it all pretty, but I’m sure you’ll get it done soon.

Have a great weekend.

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>


Comments links could be nofollow free.