Alright, this all happened to me while I was out of the house using the schools library computer a few hour ago. I was browsing my site, nothing out of the ordinary. My site is a wordpress based blog, just in case it matters, version 2.7.1 (latest). I go to click on to go to Page 2 of the index page (browsing through posts) and I am greeted with a "Blocked" page. (I'm at school, they filter websites.) I went back and hovered over the link to see what was up, and this is where it linked to: http://mydomain.com/page/2?SomeCodeHereRedirectingSomewhere It was redirecting to a .swf file on a site called mixcom.ru (DO NOT GO THERE. May be malicious.) I immediately went onto the sites wp-admin (control panel for wordpress) and looked through all the necessary files to see if I could find the source. Nothing. I went back to the page and refreshed a few times, and it was back to normal. The odd addition to the link was gone. Back to normal... (Note - when I first noticed the odd link, I had refreshed, cleared my cache, tried another browser, it was still there). This appeared to only have affected my pagenavi plugin (it's used to display pagination on wordpress blogs, "Goto page 1, 2, 3, ..." etc...). Was I hacked or something? This never ever happened before. Any comforting words appreciated, lol. Thanks.
This could be due to some advertising company code ( like popups, etc. ) .. They like to mess everything up ( that's only in case if you have one )
Nope, none of that on my site. Plus, when I clicked the link and saw the "blocked" page, it said because the site was "Malicious Code". Definite spyware or something I'm guessing.
It was the schools filter that said it was "malicious code". Search for mixcom.ru in google. it doesn't look like a very trusty site. I'm looking to hear what you guys have to say, what I should do, find out how the code got there, etc...
Even though you are running the latest Wordpress, if you were hacked before upgrading and didn't notice it then they might have left a back door to get in again that you missed. I wouldn't take any chances, and would do a complete wipe and reinstall. I wrote a decent tutorial here: How To Completely Clean Your Hacked WordPress Installation Also, once you do get it cleaned out, make sure you switch to a new, nice strong password: Password generator Good luck with it. -Michael