danceadvantage

I updated a scheduled post slightly, just to see if I was having the same problem. It didn’t take 10-15 minutes but it was longer than usual.

Does this post to your Facebook wall or to a box?

I removed foreign code from my plugins, changed passwords, and updated. This solved the problem of the authentication box appearing. However, later I discovered the above code and it is still appearing in my footer php. I have removed it and it returns within a couple of days. Is anyone else having this problem? I am not sure how or where the additional code is generating from. I would like to update to 2.8.4 but wanted to wait and see if I could find the culprit code that is infecting the footer since the update I did last time obviously did not completely cure the problem.

I just checked my footer.php again and more code had been inserted. This is just a sampling –

<p style="display: none"> <a href="https://www.service.gatech.edu/dev/images/grid_large/thumbnail_1227035962.php?p=adobe-presenter-for-mac">adobe presenter for mac</a>
<a href="https://www.service.gatech.edu/dev/images/grid_large/thumbnail_1227035962.php?p=acala-dvd-creator-3">acala dvd creator 3 download</a>
<a href="https://www.service.gatech.edu/dev/images/grid_large/thumbnail_1227035962.php?p=xilisoft-1click-dv-to-dvd">xilisoft 1click dv to dvd download</a>
<a href="https://www.service.gatech.edu/dev/images/grid_large/thumbnail_1227035962.php?p=futuremark-pcmark-vantage-advanced">futuremark pcmark vantage advanced</a>
<a href="https://www.service.gatech.edu/dev/images/grid_large/thumbnail_1227035962.php?p=xilisoft-video-converter-ultimate-5-1">xilisoft video converter ultimate 5.1</a>
<a href="https://www.service.gatech.edu/dev/images/grid_large/thumbnail_1227035962.php?p=roxio-copy---convert-3">download roxio copy & convert 3</a>

Where is it coming from and how can I get rid of it? Help please!

Is this a coincidence… or not?

Today I went to bluehost cpanel and logged into my email (webmail) account there. I wanted to check some things and also change my password. I was confronted with another alert message — A username and password are being requested by https://boxxxx.bluehost.com:xxxx. The site says: “WebMail” —

Recognizing that this was exactly like the Magic thing, I kept hitting cancel until it went away. So, who do I alert about this? Did it happen BECAUSE I experienced the Magic problem?

My vars.php code looks clean, by the way. And no further problems with magic since I updated and cleaned the plugins (though I did notice some foreign code in my footer this week, which I removed). Where else do I need to look for malicious code? Any thoughts or suggestions?

Can anyone describe this corrupted code in the plugins and where to find it? (I’m not a coder and don’t know where to look to see if I need to upload new plugins). Thanks.

I had the problem too. I know very little about all of this stuff but I changed my password, did a backup, and upgraded to 2.8.2 and I’m no longer getting the alert box. Hopefully this will be enough. If there is more news or other things I need to do, please post what you know! Thanks!

That would be great. I looked to see if I could change the category of my pages but apparently that’s not an option (or I don’t know where to look for it). Thanks very much.

I have this question/concern too. My .com blog was mapped to my domain and still my stats are back at 0 now that I’ve moved to .org. (I used the wordpress.com stats plugin too but it didn’t fully do what I expected). The unfortunate side-effect is that I no longer have good “top post” data even though my blog has been around for over a year. So, if anyone has a solution to this problem, I’d love to hear about it. Thanks!