Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: phranque
Anyway, I've no idea how they are doing it. The malicious script entry isn't showing up in the comments section, it's getting added to the actual page source - meaning that I have to actually FTP in to my server and manually remove the link from the template's source to fix the problem.
This happened once recently after I approved some comments, but has since happened after I've approved nothing. The other site that was hacked had a script injected into a straight HTML page.
SQL injection seems the most likely culprit, but because of the plain vanilla HTML page on the other site being affected as well I sort of doubt it.
Anybody else experience anything like this? I've had my site clean for a while and hopefully it doesn't happen again going forward as I contacted the hosting's owner and he apparently hardened the system a bit but I'd still like to know how this is happening.
When hacked my site gets listed as an "attack site" in Google's search results and Firefox (3 at least) displays a warning page before allowing you to access it. This crushes my traffic as most of it comes from The Goog. I actually appreciate this as it prevents people from getting infected and lets me know that I've been had again, but as stated above, my traffic goes right into the #*$!ter until I can clean and Google re-indexes.
Any and all help is appreciated.
Do you have the same hosting provider for both attacked pages? If so, it is quite possible that they had (maybe still have) a crack in their defenses.
Or maybe someone has acquired your passwords to the system. I'd change all my passwords, just to be on the safe side.
These are the two main reasons I could think of right now.
<edit>I noted after posting that you mentioned WordPress in your headline. I'm not sure how that system works, so maybe the problem isn't server related after at all.</edit>
[edited by: deMorte at 6:50 am (utc) on Sep. 8, 2008]