Jun 112009

This days I am dealing with some infected files in my sites. I have seen thet this bot is inserting two iframes in files containing in their name “index”,”default” or “home”. On this blog the files infected was /index.php, /wp-admin/index.php, /wp-admin/index-extra.php, wp-includes/default-filters.php and /wp-content/themes/../index.php . All this files were containing the two iframes pointing to the two .cn sites. Looks to be a vulnerability on the server as far as Read all content