Jun 112009

This days I am dealing with some infected files in my sites. I have seen thet this bot is inserting two iframes in files containing in their name “index”,”default” or “home”. On this blog the files infected was /index.php, /wp-admin/index.php, /wp-admin/index-extra.php, wp-includes/default-filters.php and /wp-content/themes/../index.php . All this files were containing the two iframes pointing to the two .cn sites. Looks to be a vulnerability on the server as far as all sites hosted at the same IP were modified.

So the fastest method to repair is replacing the infected files containing the malicious code inside with some clean files from default installation or open with an editor and clean manually. After it, has to be secured the website by adding a .htaccess file with the rules to block the malicious visitors and of course install some useful plugins as firewall and file monitor.

The plugin WordPress-Firewall is available to download here

Later on I will post a model of a .htaccess file

Random Posts

     Leave a Reply

    You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>