Contact 7 wordpres plugin virused?

I have code injected into that plugins files. I have cleaned up but in a few hours it is back. I have the same issue on many blogs. Anyone else experiencing this? How can I fix the problem? I have changed DB and FTP passwords.

 

You are going to have to give us way more information.
Post again with source code and LOTS of details.

Thanks,
-Tony

 

Nothing much to say.. A few files of the contact7 wordpress plugin had eval(base64_decode()) in them. I have cleaned up and after a few hours it was back. Now I added captcha and I am waiting to see what will happen..

 

I was thinking source code.
Personally, I don't use wordpress. I don't know how it works. I just thought that, with more details, wordpress users could help you better.

Sorry I don't know how to use wordpress.
-Tony

 

Did you try downloading a fresh copy of the plugin from the source site, and uploading it to your site?

 

You still need to tell us a bit more.
I have wordpress and contact 7 with no issues, (but of course I could just be lucky).

I have the latest files, (3.4.2 wordpress and 3.3.1 contact 7).

Are those up to date? What other plugins do you have?

Also change your server passwords, (root, ftp etc...), often hackers just make small changes like those you are seen rather than a full blown defacement.

FFMG

 

Everything is up to date. I deleted the plugin and added a fresh copy. It got virused again. I removed the plugin and the problem disappeared.
Sometimes the wp-config file got virused too. Now it seems that everything is okay, after I completely removed that plugin and did not add it back.
I guess the plugin has issues.. Even though I limited the maximum characters in my contact forms..

 

I still doubt there is something wrong with the plugin, (or wordpress), but you might want to contact the developer directly to see what he has to say.

I still think that your password has been cracked, (not your admin one, your server), there would be no harm in changing all your passwords.
Are you using the same password all over the place?

What other plugins are installed?

FFMG

 

I have changed all my passwords and the problem remained.

Plugins:
Akismet (x2)
All in One SEO Pack (x2)
Google XML Sitemaps
Lightbox Gallery
Milat jQuery Automatic Popup (x2)
Newsletter (x2)
NextGEN Gallery
Post-Plugin Library
SEO SearchTerms Tagging 2 (x2)
Sexy Comments
Subscribe to Comments Reloaded
WP-Optimize
WP-PostViews
WP Events Calendar
Wysija Newsletters
Contact-7 plugin (x2) was removed!

What is strange is that this plugin http://www.satollo.net/plugins/newsletter updates too often, almost daily. The author confirmed that the plugin is his and he does the updates and it is safe.

So.. I dunno what to say.. I am still not sure how they got in. All I can say is that after removing the contact-7 plugin, the problem went away.

The (x2) means that I had that plugin on both my virused sites. Some of my other sites have the same plugins but had no problems. Maybe they are not interesting enough for the hackers..