Hello, I recently noticed that my RSS was not working, so I did some checking and the following line of code was causing the problem: So I checked my wordpress theme files, however I could not find the code line to delete, and I have no idea how to remove it. Does anyone have an idea what this is or how I can remove it?
1. its a 1x1 pixes gif that connects to a remote counter - intended to count how many times your feed loaded by subscribers 2. may be you got the RSS script or feed from other source 3. that file most likely is in your RSS template 4. as a general rule: it always helps to keep your site clean and secure by first starting at the basics http://validator.w3.org/check?verbose=1&uri=http://filmonic.com/ cleanup ALL errors - TOP to bottom 5. you are using mRSS and NOT RSS the feed items causing validation error appear to be in wrong format. or wrong DTD study, google for mRSS specs and see how to solve if your feed auto-created, then may be updated your feed-creator or change to other plugin creating valid mRSS line 149 <p><object width="500" height="295"><param name="movie" value="http://www.traileraddict.com/emd/7982"></param><param name="allowscriptaccess" value="always"></param><param name="wmode" value="transparent"></param><param name="allowfullscreen" value="true"></param><embed src="http://www.traileraddict.com/emd/7982" type="application/x-shockwave-flash" allowscriptaccess="always" wmode="transparent" allowfullscreen="true" width="500" height="295"></embed></object></p> line 392 <!-- o65 --><img src="http://vstnews.ru/uploads/stats/s.gif" border=0 ><!-- c65 --> I have been hand creating a while mRSS for some of my own feeds ( now i use plain RSS2.0 instead of mRSS and all above looks very much as wrong RSS code. study mRSS specs or create plain text RSS2.0 instead 6. conclusion know what you do and do only what you know
The vstnews.ru is trojan site which holds "MSIE DHTML CreateControlRange Code Exec", a drive-by-download trojan. So you'll ask that gif image is trojan ? It is what I call "victim verifier". If victim browser is detected as a vulnerable version of Microsoft Internet Explorer, then the exploit will run.
Probably your Wordpress installation has been compromised. Remove everything and install a NEW version. You probably forgot to update. Always install the latest patches or updates!