Possible WordPress/server exploit?

October 19, 2008 | Published in: Out of the Blue | Tags: 2

In the last week a few of our blogs have been hit by some malicious JavaScript which won’t let you leave the page and displays adverts for dodgy malware scanners. Somehow the JavaScript was inserted into the index.php file in the site root. I’m not 100% sure how it was exploited, but in case you come across it: the code is inserted below the html tag in the index.php file, so delete that code. I also recommend changing the file permissions to 444 (read only) just in case.


2 Responses to “Possible WordPress/server exploit?”

  1. Aaron says:

    I had a similar problem last month, even though I had the latest WordPress version installed. If you’d view the pages’ source, you’d see lines and lines of js, and all google ads would be replaced with po*n & spyware banners.


    Comment made on October 19, 2008 at 8:03 pm

  2. Anthony Brewitt says:

    I have the same problem on sites running a few different versions of WP. Changing file permissions seems to do the trick. Take note: it affects all index.php files: root index.php, wp-admin/index.php and wp-content/index.php – make all read only!

    Comment made on October 20, 2008 at 12:53 pm
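
The check described in the post and the second comment can be scripted. This is an added example, not code from the post or its commenters: it compares the three index.php files named above against an untouched copy of the same WordPress release and applies 444 only to files that match. The `ROOT` and `CLEAN` directories and both function names are assumptions.

```shell
#!/bin/sh
# Added example. Assumption: CLEAN is an unpacked, untouched copy of the same
# WordPress release as the live site in ROOT (both paths are hypothetical).

FILES="index.php wp-admin/index.php wp-content/index.php"

# Print one line per file: relative path | octal mode | verdict
audit_index_files() {
    root=$1
    clean=$2
    for rel in $FILES; do
        f="$root/$rel"
        if [ ! -f "$f" ]; then
            printf '%s|-|missing\n' "$rel"
            continue
        fi
        # GNU stat first, BSD stat as fallback.
        mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
        if cmp -s "$f" "$clean/$rel" 2>/dev/null; then
            verdict=matches-clean
        elif grep -qi '<script' "$f"; then
            verdict=modified-with-script
        else
            verdict=modified
        fi
        printf '%s|%s|%s\n' "$rel" "$mode" "$verdict"
    done
}

# Set 444 (read only, as the post recommends) only on files that match the
# clean copy, so an infected file is never locked in its infected state.
lock_verified_files() {
    root=$1
    clean=$2
    audit_index_files "$root" "$clean" | while IFS='|' read -r rel mode verdict; do
        if [ "$verdict" = matches-clean ]; then
            chmod 444 "$root/$rel"
        fi
    done
}

# Usage: sh audit.sh ROOT CLEAN
if [ "$#" -eq 2 ]; then
    audit_index_files "$1" "$2"
fi
```

A `modified` or `modified-with-script` verdict means the file should be cleaned or replaced from the pristine copy before it is made read only.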
