February 3, 2010
econnexus Website Hacked!
Our apologies to recent visitors to the econnexus website. At some point over the weekend we were hacked, and you may have seen warnings similar to the following if you tried to access this site recently:
Avast complained about: JS: Small-C [Trj]
AVG complained about: JS/Downloader.Agent
We have fixed the problem, and we have also taken the "opportunity" to transfer the site to a new hosting provider and upgrade to version 2.9.1 of WordPress and a new theme. Please contact us if you discover any parts of the site that still do not appear to be working correctly.
For any geeks amongst you the hackers managed to insert a JavaScript trojan into our theme's header.php file. The problem is now fixed, but it does lead one to question the morality of those who are no doubt able, but also willing, to disrupt the activities of others attempting to assist the victims of the enormous natural disaster that has occurred in Haiti.
Filed under Geekery by
Comments on econnexus Website Hacked! »
Hi,
I have the same problen in my web
How did you fix it?
Thanks
Ketty
Hi Ketty,
Assuming your problem is the same as ours you need to manually edit the header.php file for your WordPress theme.
If that doesn't apply to you, you need to find which .php file contains the trojan. It will start with code something like:
<script language=javascript>document.write(unescapeJust remove everything including and between
<scriptand</script>That did the trick for us. Hope it's some help to you!
Thanks for posting your solution. A client called me this morning in a panic about his site being blocked by Avast – same error message.
I found you while Googling "JS: Small-C [Trj" looking for a fix. (Probably not a search term you were trying to rank for…)
Thanks to your guidance I found the offending script in his header.php file and nuked it – problem solved for now.
He's suddenly interested in doing the WP upgrade he's been putting off for too long, but not so interested in changing the theme if he doesn't have to. I doubt that the malicious hack was theme-specific, but I'm curious – did your previous theme happen to be some version of the "Collage" theme?
Hi Bill,
Thanks for your comment. You're right, it would have been much better all round if we'd never had the problem and therefore never ranked for the solution!
I don't think it's theme specific. I've never come across Collage before. I don't think a new theme is a necessary part of preventing a recurrence.
Jim