You keep hearing this and never think it will happen to you too... Yesterday one of my visitors told me that when opening one of my pages he got a trojan alert. I checked my code and found in all the indexes a script inserting an iframe pointing to another site. I deleted all the malicious code I could find but... Here come my questions:
- how do I check if my code is really clean now?
- how do I prevent this from happening again?
The worst thing is that this is an old intrusion as by checking one of my sites, it appears as marked unsafe by Google... another thing I'll have to fix... God, I hate when this happens. So, please if there is any solution you know to my problem, share. I hate to try 1000 fixes found on Google and not be sure if they work or if they do more wrong than good... Thanks to all who will take the time to post here. Oh, and just in case anyone could look at the code... the sites are:
thepimppanther.com
thepimppanther.com/wordpressthemesdemo
Is this in a shared hosting environment or on a VPS/Dedicated server that you have root access to?
Tropp
The code on your home page, at least, looks clean now, and the site isn't flagged by Google. You're using WordPress 2.7.1, which is the latest version, which is good, but you're using one or more plug-ins and/or themes. Check each of them at http://secunia.com/advisories/search/. If any has a more recent version, install it. If any has unpatched vulnerabilities, stop using it. Not being flagged by Google is a good indication it's ok now. You did well by finding and fixing the bad code manually. Keep watch for unknown <iframe or .js JavaScript code or other code that looks suspicious. Keep WordPress and all plug-ins, and all other software, up to date. Change your passwords. Use long sequences of random characters. Use a good antivirus program (not AVG free) on your PC, to prevent a virus from stealing your FTP passwords. Did you install the new WP version only recently? If so, the hack was probably the result of using an outdated version. Otherwise, you may have to get the timestamp of the hacked files and review your access logs to find out how the hack occurred.
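The check described in the reply above (watch for unknown iframe or script tags, then use the timestamps of the affected files to search the access logs), as an added example that is not part of the original post. The allowed host `mysite.example`, the list of file extensions and the sample files are constructed assumptions.

```python
import os
import re
import tempfile
import time
from urllib.parse import urlparse

# <iframe src=...> and <script src=...> are the two tag types the reply says to watch for.
TAG_RE = re.compile(r'<(iframe|script)\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)
SCAN_EXT = (".php", ".html", ".htm", ".js")  # assumed set of web file types

def src_host(url):
    """Host a src attribute points at; empty for relative (same-site) URLs."""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:  # malformed URL: report it rather than skip it
        return "?"

def scan_tree(root, allowed_hosts):
    """Return sorted (relative path, tag, url, mtime) for tags loading from unlisted hosts."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCAN_EXT):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            for tag, url in TAG_RE.findall(text):
                host = src_host(url)
                if host and not any(host == a or host.endswith("." + a) for a in allowed_hosts):
                    findings.append((os.path.relpath(path, root), tag.lower(), url,
                                     os.path.getmtime(path)))
    return sorted(findings)

def build_sample(root):
    """Write constructed sample files: one clean page, one with an injected iframe."""
    os.makedirs(os.path.join(root, "blog"))
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write('<script src="/js/menu.js"></script>\n'
                 '<script src="http://cdn.mysite.example/lib.js"></script>\n')
    with open(os.path.join(root, "blog", "index.php"), "w") as fh:
        fh.write('<?php get_header(); ?>\n'
                 '<iframe src="http://unknown-host.example/in.php" width="1" height="1"></iframe>\n')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for path, tag, url, mtime in scan_tree(root, {"mysite.example"}):
            stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(mtime))
            print(f"{path}: <{tag}> loads {url} (modified {stamp} UTC)")
```

Run against a downloaded copy of the site, the modification time printed for each flagged file gives the window to look at in the access logs.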
Just install a proper antivirus on your PC. Next, on the server, install mod_security if you have root, or ask the host to install it, and keep changing your FTP password at least twice a month.
Thank you, guys. To reply to your questions, the hosting is shared. I have been using the last WP version since I set up the blogs. Steve, thanks for the advice. I'll check everything with the link you provided. As for changing passwords, I'll probably get very paranoid about it from now on.