Site Hacked - Need Help

Discussion in 'Security' started by glenv, Jan 20, 2009.

  1. #1
    I have a site that is based on WordPress. It has been working fine. This morning I had added my Google Analytics code to the footer and decided then I would update some plugins. Anytime I clicked on the settings of a plugin I had added, it took me to:

    http://example.biz/

    I have disabled all plugins and added them back in one at a time, and it still does it no matter how few I have and when I change up the order I reload them.

    I had someone looking at it and he is giving up after working hard trying to figure it out. He did discover the hacker is somehow loading an iframe to facilitate promoting his url.

    If anyone is willing to take a look I would sure appreciate it. Let me know by PM and I will send you FTP, wp-admin etc.

    The other member has done this:

    - checked all plugins for malicious code, and deactivated them
    - checked .htaccess in root + subfolders
    - installed a fresh copy of WP 2.7.
    - checked database for noscript, display,...

    Also see image attachment below for more information he provided.

    Thanks so much.
     

    glenv, Jan 20, 2009 IP
  2. ahbuneh

    #2
    OK now? If not, drop me a PM so I can check it out.
     
    ahbuneh, Jan 23, 2009 IP
  3. justdoit1

    #3
    Ground rules if you use a popular CMS:

    1. Always check for updates once a week or every 2 weeks.
    2. Always use trusted/tested plugins.

    Vulnerabilities appear in Joomla! plugins every week or so.

    However, we web developers have the risk of being attacked/hacked.
    If your PHP is at least PHP 5.2, you can try PHP IDS at http://php-ids.org
     
    justdoit1, Jan 25, 2009 IP
  4. glenv

    #4
    It appears a theme I had developed by some friends in India was very vulnerable. I ended up having to replace the theme. Also, the culprit was a dirt bag from China that placed a redirect script on my domain.
     
    glenv, Jan 25, 2009 IP
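
A file scan of the kind listed in post #1, extended to the theme files where post #4 located the problem. This is an added example, not code from any poster; the rule set, theme name and URLs are constructed for illustration, and hits are heuristic leads for manual review.

```python
import re
import tempfile
from pathlib import Path

# Heuristic rules for the injections named in the thread; hits need manual review.
RULES = {
    "hidden-iframe": re.compile(
        r"<iframe\b[^>]*(?:display\s*:\s*none|visibility\s*:\s*hidden"
        r"|(?:width|height)\s*=\s*[\"']?[01]\b)", re.I),
    "js-redirect": re.compile(r"location(?:\.href)?\s*=\s*[\"']https?://", re.I),
    "meta-refresh": re.compile(r"<meta[^>]+http-equiv\s*=\s*[\"']?refresh", re.I),
}
SUFFIXES = {".php", ".js", ".html", ".htm"}

def scan_tree(root):
    """Return sorted (relative_path, line_number, rule) hits under root."""
    root, hits = Path(root), []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for number, line in enumerate(text.splitlines(), 1):
            for rule, pattern in RULES.items():
                if pattern.search(line):
                    hits.append((path.relative_to(root).as_posix(), number, rule))
    return sorted(hits)

def demo():
    """Scan a constructed wp-content tree; theme name and URLs are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp) / "themes" / "custom-theme"
        theme.mkdir(parents=True)
        (theme / "header.php").write_text(  # legitimate visible embed, not flagged
            '<iframe src="http://video.example/1" width="560" height="315"></iframe>\n')
        (theme / "footer.php").write_text(
            "<?php wp_footer(); ?>\n"
            '<iframe src="http://injected.example/" width="0" height="0"></iframe>\n')
        (theme / "functions.php").write_text(
            "<?php\n// theme setup\n"
            'echo \'<script>window.location = "http://injected.example/";</script>\';\n')
        return scan_tree(tmp)

if __name__ == "__main__":
    for rel_path, number, rule in demo():
        print(f"{rel_path}:{number}: {rule}")
```

Pointing `scan_tree` at a real `wp-content` directory covers plugins and themes in one pass; the database checks from post #1 are a separate step.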
  5. flamer

    #5
    1. Always keep a backup.
    2. If you get hacked, don't try to remove the hacked attempt codes, as the codes of hacking are spread all around the site, which will surely make your site more vulnerable to any other hack in the future.
    3. Get the backup up and running. If you have different roles in your site with different permissions of admins/mods etc, reset them all.
     
    flamer, Jan 25, 2009 IP
  6. justdoit1

    #6
    Please don't keep a hacked backup!!!!
    I've seen a friend who backs up from the server.
    He kept regular backups. He didn't even know when his site was hacked.
    When he came to know, he restored. He RESTORED the hacked backup.
    Never finished!
     
    justdoit1, Jan 25, 2009 IP