• Resolved Bozster

    (@bozster)


    BE VERY CAREFUL. While the plugin works fine, if you leave the plugin on your WP server it has a security flaw allowing bots to inject iframe code.

    It inserts the code in index.php in WordPress and it’s base64 encoded.

    When you are infected it looks like this:

    [eval code moderated.]

    and you will see a small 1px by 1px dot before the HTML tag of your site/template when viewed in browser.

    This is what the code actually looks like when decoded:
    http://pastebin.com/K1MKqwNk

    The reason why I know it’s the CSV plugin is because this is a fresh WordPress 3.2.1 installation without any plugins. As soon as I installed the CSV plugin, the site/WP installation was compromised and an iFrame injection happened to the index.php.

    http://ww.wp.xz.cn/extend/plugins/csv-importer/
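
A way to check PHP files for the symptom described in the post above, as an added example that is not part of the original post or the plugin's code. The post's sample was moderated out, so the `eval(base64_decode('...'))` shape, the function names and the sample file contents here are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Assumed injection shape: eval(base64_decode('...')). The real sample is not on the page.
EVAL_B64 = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=\s]+)['\"]\s*\)",
    re.IGNORECASE,
)
IFRAME = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)

def scan_php(source):
    """Return one finding per eval(base64_decode(...)) call found in PHP source."""
    findings = []
    for m in EVAL_B64.finditer(source):
        line_no = source.count("\n", 0, m.start()) + 1
        try:
            # Strip whitespace inside the literal, then decode strictly.
            decoded = base64.b64decode("".join(m.group(1).split()), validate=True)
        except (binascii.Error, ValueError):
            decoded = b""  # not valid base64; still reported, but with no payload
        text = decoded.decode("utf-8", errors="replace")
        findings.append({
            "line": line_no,
            "decoded": text,
            "iframe": bool(IFRAME.search(text)),  # payload writes an iframe tag
        })
    return findings

def constructed_samples():
    """Constructed inputs: a simplified index.php with and without an injected line."""
    clean = "<?php\ndefine('WP_USE_THEMES', true);\nrequire('./wp-blog-header.php');\n"
    payload = b"echo '<iframe src=\"http://example.invalid/\" width=\"1\" height=\"1\"></iframe>';"
    blob = base64.b64encode(payload).decode("ascii")
    infected = "<?php\neval(base64_decode('%s'));\n?>\n%s" % (blob, clean)
    return infected, clean

if __name__ == "__main__":
    import sys
    # Usage: python scan.py index.php [more.php ...]
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for hit in scan_php(fh.read()):
                flag = "iframe" if hit["iframe"] else "no-iframe"
                print("%s:%d %s" % (path, hit["line"], flag))
```

A hit on a stock file such as index.php is worth treating as a compromise indicator, since a fresh WordPress index.php contains no `eval` call.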

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘[Plugin: CSV Importer] WARNING!!! iFrame Injection issue with CSV plugin’ is closed to new replies.