So you like Wordpress... then you want to be careful
It looks like somebody hacked wordpress on one of my blogs and put a script on the bottom of 1000s and 1000s of my pages on one of my dedicated servers, it will take me forever to remove it from all the pages... the script is redirecting all my traffic from free sites, gallery pages and so much more to this url.
http://jxp2dve.com/?prvtof=8b2VkUqfX...JePkd0tw%3D%3D |
Might have been a host problem, not a wordpress problem.
|
urgh, you sure it was wordpress? I don't like the sound of it, better try and up the security on it in some way
|
Probably not the best idea to be posting direct links to pages that were inserted by hackers, it's not hard to imagine what they might do to an unpatched/holey MSIE. :2 cents:
Do you run any other scripts on the server? |
there's pretty much a security hole in every version of wordpress...public and 0day..not much you can do...
anything helps though
www.grsecurity.net <- harden your kernel
http://www.modsecurity.org/ <- harden apache and php :thumbsup |
yea wordpress is full of vulnerabilities, gots to lock it down if you're going to use it
|
What version of Word Press was "hacked?"
|
You probably have an ancient form of wordpress unseen in years.
|
As long as you install updates right when they come out, you should be fine.
|
Running wordpress is a disaster waiting to happen.
|
A piece of php on one of the boxes or an outdated piece of software (besides wordpress) can do the trick. People don't think here or what? :2 cents: |
I have had a similar problem. The host helped me with a custom solution that repressed this code. So the code became useless. It was a temporary solution because the moment the hacker redirects it to another url you will have to change your custom solution as well. It helps you buy time to find the security hole though. |
Uggg that sucks Dennis. Good luck sorting that nightmare out mate.
|
Wordpress is crap. The code base is clunky, the plugin architecture is sub par and it's slow as sin. :2 cents:
|
this is why I'm thinking of getting a separate server or a virtual account to start to play with wp. To have my server that pays my mortgage fucked up wouldn't work for me.
|
Check the div for class=goro in your source or something like that. There are a number of ways to remove it (it's a single include file). Search google.
If you use autoblogger simply use rewriter to replace everything within the goro div with a blank space. |
Here's the link to remove the infection if it's the goro injection:
http://blog.kakkoi.net/wordpress/how...class-mailphp/ |
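An added example, not code from any poster in this thread: a Python sketch that walks a web root, reports every file containing the `goro` div mentioned above, and can optionally strip it while keeping the original bytes for later investigation. The exact markup is an assumption (the thread gives only the class name), and `strip_goro`, `scan_tree` and the sample page are hypothetical names and data made up for this illustration.

```python
import re
import sys
from pathlib import Path

# Assumption: the injection is one <div class="goro">...</div> block with no nested
# <div>; the thread names only the class, so adjust the pattern to what you find.
GORO_DIV = re.compile(
    r'<div\b[^>]*\bclass\s*=\s*["\']?goro(?![\w-])[^>]*>.*?</div\s*>',
    re.IGNORECASE | re.DOTALL,
)

# Constructed sample page; the script URL is a placeholder, not from the thread.
SAMPLE = (
    '<html><body><p>post</p>\n'
    '<div class="goro"><script src="http://injected.example/x.js"></script></div>\n'
    '</body></html>'
)


def strip_goro(html):
    """Return (cleaned_html, number_of_blocks_removed)."""
    return GORO_DIV.subn("", html)


def scan_tree(root, suffixes=(".php", ".html", ".htm"), fix=False):
    """Map each infected file under root to its block count.

    With fix=True the original bytes are kept as <name>.infected (evidence for
    tracing the entry point) and the cleaned content replaces the file.
    """
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in suffixes:
            continue
        raw = path.read_bytes()
        # latin-1 maps every byte to one character, so the round trip is lossless.
        cleaned, count = strip_goro(raw.decode("latin-1"))
        if count:
            hits[str(path)] = count
            if fix:
                path.with_name(path.name + ".infected").write_bytes(raw)
                path.write_bytes(cleaned.encode("latin-1"))
    return hits


if __name__ == "__main__":
    # Report only by default; pass --fix as the second argument to rewrite files.
    for name, n in scan_tree(sys.argv[1], fix="--fix" in sys.argv[2:]).items():
        print(f"{n}\t{name}")
```

Run it in report mode first: a single hit points to one shared include, while thousands of hits mean static pages were rewritten. Move the `.infected` copies out of the web root once reviewed.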