Nuts, this blog was hacked at some point in the last month with a code-injection exploit that was fixed in version 2.3.3 of WordPress. I browsed to my homepage but was interrupted by Google telling me that visiting my site would bring untold death, destruction and the loss of my firstborn… or maybe it was something about badware. Anyway, after much gnashing of teeth and using www.spybye.org, I spotted that an iframe had been inserted into the site.
I also simultaneously discovered that the WordPress database backup plugin does not do what it says on the tin; it seems to send me a gzipped file with a 4kB file in it which only contains my database log-in details, and for the life of me I can’t work out why. I could still do a manual back-up via my host, then text search in the file to confirm that I’d removed all references to the iffy iframe. Hopefully the site should now be free from such crapola. Apologies for any inconvenience. If this isn’t a gentle nudge to keep up-to-date with WordPress releases, I don’t know what is.



Comments (3 Responses)
Sorry to hear about your problem. If there is a problem with the plugin, I’d like to fix it. Could you email me or open a ticket in my support forum? Are you using the latest version of WP-DB-Backup, 2.1.5?
Thanks.
Please refer to: http://www.ilfilosofo.com/forum/topic/93
Make sure the program you’re using to un-gz the file is working correctly. I was having the same problem a while ago, where I’d only get small segments of the full SQL file. 7-zip works flawlessly.
Brilliant, thanks ElliotB - all sorted now! I had used ZipGenius, and that didn’t work. gunzip via a Cygwin bash unzipped the file correctly. It’s surprising that such different results can be obtained from different compression software!