• Resolved drukqs

    (@drukqs)


    I notice my Feedburner stopped sending out e-mails to my subscribers, and it seems that the RSS feed generated by WordPress is not being parsed correctly. The content is all there, but unfortunately, there’s a long <script> tag added to the last line. This only started happening a few days ago, and I can’t for the life of me figure out what’s going on.

    Here’s the validation of the feed.

Viewing 1 replies (of 1 total)
  • Thread Starter drukqs

    (@drukqs)

    I found out that my WordPress had been infected with a trojan that was inserting script into both the RSS, webpages and the backend as well. I think one of the admins has had her computer pwned in a nasty way.

    It was relatively easy but tedious to remove. I noticed that certain prevalent files were modified at the same time, such as:
    wp-admin/
    admin-footer.php
    admin-header.php
    custom-header.php
    index.php
    menu-header.php

    as well as index.php, index.html (if you have one), and other sites in the main directory. The code looked something like
    echo(gzinflate(base64_decode('...')));

    I wanted to be sure that no files were added. Malware scans, using plugins like Sucuri Scanner, revealed ‘phantom files’ in the main directory like 404javascript.js that I could not locate in the FTP; however, removing the code seemed to fix it.

    I reinstalled WordPress under the updates menu and I think it’s all clean now.

    Unfortunately, the site was blacklisted by Google, so I’m in the process of having it reviewed. If that happens to you, you have to register your site under a Google account and apply for it using Google Webmaster Tools/Diagnostics/Malware.

  • The topic ‘Weird RSS behavior- "junk detected'’ is closed to new replies.
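The check described in the reply above (find files carrying the `gzinflate(base64_decode(` marker, then look for other files modified at the same time) can be scripted. This is an added example, not part of the original thread; the function names, the 120-second window and the sample tree are assumptions, and the sample files are constructed.

```python
import os
import re
import tempfile

# Marker from the post: echo(gzinflate(base64_decode('...'))); heuristic only.
MARKER = re.compile(rb"gzinflate\s*\(\s*base64_decode\s*\(", re.I)
EXTS = (".php", ".html", ".htm", ".js")

def walk(root):  # yield (relative_path, absolute_path) for every file
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root).replace(os.sep, "/"), full

def find_injected(root):
    """Map relative path -> mtime for files that contain the marker."""
    hits = {}
    for rel, full in walk(root):
        if rel.lower().endswith(EXTS):
            with open(full, "rb") as fh:
                if MARKER.search(fh.read()):
                    hits[rel] = os.stat(full).st_mtime
    return hits

def modified_near(root, hits, window=120):
    """Marker-free files changed within `window` seconds of any hit."""
    stamps = set(hits.values())
    return sorted(rel for rel, full in walk(root) if rel not in hits
                  and any(abs(os.stat(full).st_mtime - s) <= window for s in stamps))

def make_sample_tree(root):
    """Constructed test data: (path, content, mtime in epoch seconds)."""
    bad = b"<?php echo(gzinflate(base64_decode('...'))); ?>"
    sample = [("index.php", b"<?php // theme loader\n" + bad, 1_700_000_000),
              ("wp-admin/admin-footer.php", b"</div>" + bad, 1_700_000_030),
              ("404javascript.js", b"/* constructed */", 1_700_000_045),
              ("wp-admin/about.php", b"<?php // untouched", 1_600_000_000)]
    for rel, content, mtime in sample:
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)
        os.utime(full, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        make_sample_tree(root)
        hits = find_injected(root)
        print("marker:", sorted(hits), "same time:", modified_near(root, hits))
```

Modification times can be reset by whoever wrote the files, so an empty result does not show that a tree is clean; comparing core files against known-good copies, as the reinstall in the reply effectively does, is the stronger check.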