Hackers continue to subvert hundreds of thousands of Web pages with IFrame redirects that send unwary users to malware-spewing sites. It was apparently reported that these IFrame redirects have slowed, but they're still occurring at an alarming rate. A friend of mine, who owns the blog called YourSEOSucks, was recently exposed to the IFrame hack while running WordPress 2.7.1.
How it works:
Hackers are likely relying on an automated tool to do the dirty work. The tool adds IFrame code to the saved search results on the sites. The next visitor who uses the search tool is then redirected to another Web site by the IFrame code. The second site in turn puts up a message telling the user that a new codec (coder/decoder) needs to be installed. Accepting the codec takes the user to still another site, which actually hosts the malware (a new variant of the Zlob Trojan horse) and installs it on the victim's PC.
How to secure your WordPress:
Download Secure plug-in: Removes error information on the login page; adds index.html to the plugin directory; removes the wp-version, except in the admin area.
Download Security Scan plug-in: Scans your WordPress installation for security vulnerabilities and suggests corrective actions.
If you are using an unsecured FTP client, you are in danger of exposing your passwords to hackers because the passwords are passed between your FTP client and your website in plain text. Use a program like WinSCP, or an FTP client that allows you to connect to your site using SFTP or SCP. Both of these methods encrypt your user name and password, making it much more difficult for a hacker to discover them, even if they intercept the traffic with some sort of packet sniffer.
Lock her down!
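As an added example (not part of the original post and not taken from either plug-in), here is a small Python scan that flags off-site IFrame tags in a WordPress directory tree, the kind of injected code described under "How it works". The function names, host names and sample content are constructed for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Hypothetical helper names; tune patterns and suffixes to your own site.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
# Tiny or invisible frames are typical of injected redirects.
HIDDEN_RE = re.compile(
    r"""(?:width|height)\s*[=:]\s*["']?\s*[01](?:px)?\b"""
    r"""|display\s*:\s*none|visibility\s*:\s*hidden""",
    re.IGNORECASE,
)
SCAN_SUFFIXES = {".php", ".html", ".htm", ".js"}


def find_iframes(text, own_hosts):
    """Return one finding per iframe tag whose src points at a foreign host."""
    findings = []
    for match in IFRAME_RE.finditer(text):
        tag = match.group(0)
        src = SRC_RE.search(tag)
        try:
            host = urlparse(src.group(1)).hostname if src else None
        except ValueError:  # malformed URL: report it rather than skip it
            host = "<unparseable>"
        if host is None or host.lower() in own_hosts:
            continue  # relative or same-site frame
        findings.append({
            "line": text.count("\n", 0, match.start()) + 1,
            "host": host.lower(),
            "hidden": bool(HIDDEN_RE.search(tag)),
        })
    return findings


def scan_tree(root, own_hosts):
    """Walk a WordPress directory and map relative path -> findings."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            hits = find_iframes(path.read_text(errors="replace"), own_hosts)
            if hits:
                report[str(path.relative_to(root))] = hits
    return report


if __name__ == "__main__":
    # Constructed sample: a theme file with an injected 1x1 frame appended.
    sample = '<?php get_footer(); ?>\n<iframe src="http://bad.example.invalid/in.cgi" width="1" height="1"></iframe>\n'
    print(find_iframes(sample, {"blog.example.test"}))
```

Run `scan_tree` against a copy of the site with your own host names in `own_hosts`; any finding with `hidden` set to true deserves a manual look at that file and line.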
Great post. It happens all too often these days. I am considering the Copyscape program to secure my sites.
Thanks for the WordPress trick.
Garret,
It doesn’t happen that often, but just take precautions.
This week one of the sites I work on was hacked and an iframe was placed in all index.php files, plus in the functions.php file in the wp-includes folder.
This code often overwrites the ending php tags in the file and thus brings the site down.
I have seen a couple of other threads on this (links at bottom), but not exactly the same code example, so wanted to bring it to light here to:
* Gauge how often it’s happening
* Share solutions
* Expose the culprits, if possible
* Alert WP team so they can review possible core level security measures
As to remedies and security measures to take, the other threads have given some good advice, and I plan to sweep my machine and those of other team members with FTP access (could be a virus attached to our systems), check recent plugins, scan for viruses on the hosting servers, and change all relevant security codes and settings. I will report again here, and encourage you to do the same.
For a permanent solution read more @ http://annanta.com/?p=338
Kevin,
I read somewhere that the new WP 2.8 corrects many security issues. Have you upgraded?
I upgraded to WP 2.8… but they still hacked me. :(
All of my blogs were broken and could not be opened. Fortunately I had backed up my files. But 2 blogs are still broken..
I am still trying to fix them…
Andri,
Did you check all your folders to see if any files were added to those folders?