The Honest Way Forum

[hwould]

I already made a post at Ben's forum h**p://www.forum.makemoneyonlinewithseo.com/showthread.php?t=636

But long story short. PHP sites on apparently shared hosting sites have been injected with some javascript code. I read about it here: h**p://blog.sucuri.net/2010/05/new-attack-today-against-wordpress.html

They posted a fix but it didn't work for me on any of my sites I tried. Any additional info will probably be beneficial to a lot of us.

[korprit]

[TrentBrownrigg]

[korprit]

heh, no worries. those are linux shell commands. meaning you need to telnet or SSH into your host. once at the terminal (will look like '[user@host ~]%' or something along those lines), then you type in (or copy) those commands.

grep simply searches for text strings. so these commands tell grep to look for the reference text (offending javascript files), starting with the local directory ('.') and then go recursively through every directory ('-r'). so i recommend starting in the folder that houses all your sites for that host (like 'public_html')

[hwould]

Thanks for the help Korprit, but unfortunately all of that is mumbo jumbo to me. What I did was I deleted every piece of offending code from a site by hand. It worked on a site that was trying to give people a trojan. I also changed my passwords, I don't know if it matters though since they were already tough and I wasn't the only one hit obviously.

On a side note, only my sites that were updated to wordpress 2.9.0-2.9.2 were affected.

[korprit]

the commands don't clear it up, only identifies if you have infected files (lists files that have that string). simply cuts down on the amount of time it takes to clear it up.

i've seen at least one site that was infected, went to do a link trade and it said my 'C:\Windows\' directory was infected....i was running linux lol

<3 linux!