It seems that people hitting B&P are directed to a spam site the first time or two, then it apparently acts normal. I’m working on a fix for this but it probably won’t be until Friday morning before it’s done. I’m sorry for any inconvenience this has caused.
to fix it check your template.
you’ll see that at the end there is a script inclusion:
look for http://kdjkfjskdfjlskdjf.com/js.php in your files or db…
It directed me to Bing, which is a (crappy) search engine, not a spam site, once, then acted normal. Weird.
Apparently tax day was attacks day, it must have been a taxing day for you.
Literally as soon as I read up to spam, i was redirected, but not to bing but instead to some website that was apparently checking my computer for viruses
Yeah, it redirected me. (I’ve got the attacking computer, attacker URL, and destination address from where my security blocked it if for some reason you should need it.)
…kicks in the general direction of the gremlins……this is my favorite site, and it put a crimp in my nightly relaxation with it.
Thanks for working to take care of it! All you do here and the other sites is muchly appreciated. :o)
Jonco, they injected some code on your WP – perhaps your database.
The malicious code is still there, mor at least part. You can see it in the source of B&P, at the botton where you~ll find this line:
I was redirected to ‘scanner24.org’
It showed a screen similar to ‘My PC’ and offered a drive clean up.
Yip! Me too. Got some poor attempt at a Windows type screen with a progress bar etc. I’m on a Mac!
hi, your ftp account has been compromised. change your passwords and reupload a copy of the site, or at the very least, your wordpress templates — a malicious has been injected at the bottom (bad domain stripped to not encourage people to go there). the attackers got your ftp credentials through a keylogger on a computer that has access to this domain via ftp, so run antivirus/antispyware on your computer before logging in with your new ftp password (else they’ll just compromise it again). shoot me an email if you need more help.
I think there’s an applicable discussion about it here:
http://forums.overclockers.co.uk/showthread.php?t=18128737
This is a big deal. The limited stuff i saw about it suggests that it can infect all php files, and that to do this something has obtained write access to your database.
Good luck with it.
It turned me into a newt!
AVG spared me . Apparently this was “a bit too short” for WordPress, so I have come back and added this crappy message.
Here is the warning AVG displayed:
Looks like WordPress threw away my angle brackets too (I had written “end of original comment” in angle brackets after “AVG spared me” in my original post)
Just logged in at work and the same message!
I got the “WARNING!” message from TrendMicro and then a note that my computer was infected. It wasn’t. But still, a few heart pounding moments for me.
Phew,
My Symantec works…
16/04/2010 8:06 PM,High,An intrusion attempt by 91.212.127.19 was blocked.,Blocked,No Action Required,HTTP Fake Scan Webpage 5,”91.212.127.19, 80″,gescansecurity.org/?affid=318&subid=landing,”(10.1.1.1, 49490)”,91.212.127.19,”TCP, www-http”,
It did it to me while I was trying to watch a video.
Stupid spammers & hackers need to get girlfriends, they obviously need more attention.
I had been using safari on my iPhone then IE on my pc with absolutely no problems. It wasn’t until I used firefox that I was redirected, and that only happened once with no download attempt nor did my anivirus kick in. Is everyone who has the problem using Firefox? Regardless, whatever it is, it seems harmless. Probably has to do with some annoying FF add on or perhaps an ad on B&P.