I have been very busy the past week moving to a new server for my file-house.com hosting company. I ran into a snag with my old provider when they allowed a rather insidious script to be injected across all of my sites. It slips in and changes permissions on files. It masquerade itself as a yahoo counter but attacks all your files and will break your rss feeds. If it attacks your wordpress blog the easiest way to deal with it will be to delete everything and start anew. Make sure you save your wp-config.php files information but not the code. But if you have a custom theme you can’t do that and will need to crawl every  page with a text crawler like TextCrawler to search your files or you would be searching individually for days. Depending upon plugins you will have a couple hundred or so files that will be infected the code looks like this;

!--Yahoo! Counter

<!--Yahoo! Counter

This is not all of the code but if you need it just let me know and I will hook you up with a copy to use for searching your site with. So far all the php files have had one code and the html files have had the code that is generated into the webpages that starts “<!–Yahoo! Counter” without the ” marks. I have cleared this one and Brainfoggles and have a couple more to go so I can migrate to the new servers clean of infections.

Leave a Reply