
Autoblog infected with malicious code

Discussion in 'BlackHat Lounge' started by davioli, May 30, 2009.

  1. davioli

    davioli Regular Member

    My client's autoblog has been infected with some malicious code. This is according to the warning Firefox shows when you visit the website.

    I checked out the WordPress theme files in the theme editor and I found nothing that's amiss. Is there a specific place I should be looking?

    If anyone has experienced this before, please PM me if you can help.
     
  2. Jagged55

    Jagged55 Power Member

    Check to see if there are any other PHP files in with the theme. I found a couple of themes that included a PHP file in a subfolder that had code in it.

    Edit: Check the plugins also...especially if you are using something "new" that you haven't used on other clean blogs.
     
    Last edited: May 30, 2009
  3. davioli

    davioli Regular Member

    K.. I'm checking that out... I saw all the PHP files from the WP dashboard. Now checking through FTP.
     
  4. Duddo

    Duddo Newbie

    Check the source code of the blog (Ctrl + U), especially the footer. The blog can be hacked.
     
  5. 94FBR

    94FBR Registered Member

    Check all chmoded 777 files, if there are any.
     
  6. sikx

    sikx Registered Member

    Check for files that didn't exist before (compare local copy of WordPress with uploaded one) and reupload WordPress.
    It could also be a false positive depending on the content that is posted on the blog, but I would seriously check the security of your blog or other sites that are hosted on it. Malicious code does not just wander in through some kind of magic; there must be a hole somewhere. Update WordPress to the newest version etc.
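
The checks suggested in the replies above (files that were not in the clean copy, files that differ from it, and 777-style permissions), as an added example that is not part of any post in this thread. It assumes a clean copy of the same WordPress version is unpacked locally next to a download of the live site; the script and function names are made up for the illustration, and it flags any world-writable file, which includes mode 777.

```python
import hashlib
import os
import stat
import sys


def _sha256(path):
    """Hash a file in chunks so large uploads do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _index(root):
    """Map each regular file's path relative to root to its full path."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                files[os.path.relpath(full, root)] = full
    return files


def audit(clean_root, live_root):
    """Compare a copy of the live site against a clean tree of the same version."""
    clean, live = _index(clean_root), _index(live_root)
    report = {"added": [], "modified": [], "world_writable": []}
    for rel, full in sorted(live.items()):
        if rel not in clean:
            report["added"].append(rel)        # file the clean copy never shipped
        elif _sha256(full) != _sha256(clean[rel]):
            report["modified"].append(rel)     # shipped file whose content changed
        if os.stat(full).st_mode & stat.S_IWOTH:
            report["world_writable"].append(rel)  # e.g. chmod 777 or 666
    return report


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: wp_audit.py CLEAN_DIR LIVE_DIR")
    for kind, paths in audit(sys.argv[1], sys.argv[2]).items():
        for rel in paths:
            print(f"{kind}\t{rel}")
```

Legitimate site-specific files (wp-config.php, uploads, and any theme or plugin missing from the clean tree) will be listed as added, so that list is a review queue rather than a verdict.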
     
  7. davioli

    davioli Regular Member

    Thanks everyone.. I'm doing all of it... especially Springer's PM.. thanks!
     
  8. springer98

    springer98 Regular Member

    Hey, you're welcome. Happy to help. Hope it all works out. ;)
     