GoFuckYourself.com - Adult Webmaster Forum - View Single Post - You will never guess the top 5 US states for pages/visit on my site.

fluffygrrl · 08-12-2008, 04:26 AM

Pretty damned impressive, all in all...

The infector was obviously an automated process, targetting footer.php and header.php in wp-content/themes (all installed themes), and index.php in any available subdirectory.

I say automated because even index.php files containing nothing but "hi" got the iframe appended at the end.

The infected files are easy to spot, if you sort a dirlist by date they float to the top. Mine were all Aug 12, 3:59 and 4:00 which means whoa google is fast with these things now! Kudos for them.

Still trying to figure out exactly how it got in, and if you're running wp you might wish to give your own site a looksee.

08-12-2008, 04:26 AM
fluffygrrl So Fucking Banned Join Date: May 2006 Posts: 2,187	Pretty damned impressive, all in all... The infector was obviously an automated process, targetting footer.php and header.php in wp-content/themes (all installed themes), and index.php in any available subdirectory. I say automated because even index.php files containing nothing but "hi" got the iframe appended at the end. The infected files are easy to spot, if you sort a dirlist by date they float to the top. Mine were all Aug 12, 3:59 and 4:00 which means whoa google is fast with these things now! Kudos for them. Still trying to figure out exactly how it got in, and if you're running wp you might wish to give your own site a looksee.