In the last month or so many WordPress blogs were attacked and as a result most of the blogs were blocked with the infamous attack page (pictured below). This attack is a result of an iframe injection in the following templates;

wp-blog-header.php
wp-config.php
wp-load.php

Fixing Attack Page

These are the core WordPress files and in order to remove the iframe injection you will need FTP access to view and remove the iframe code in each file. The iframe is located at the top of each file and looks like – <— <iframe width=”100″ height=”100″ src=”http://viaieew.tk/75784006.html”></iframe> –>

You should also look for any files that were recently modified. In your FTP you will see a column called “Changed”. Look for any files that were recently modified and open each to see if there’s any injection code.

The injected iframe is due to a vulnerable .js file that can be accessed by the hacker and used to inject code into several WordPress core files.

The good news, WordPress 3.4.1 was released yesterday and once you upgrade the iframe injection will be removed. Unfortunately the actual security issues that were fixed in 3.4.1 do not specifically address this ongoing problem.

From WordPress.og: Version 3.4.1 also fixes a few security issues and contains some security hardening. The vulnerabilities included potential information disclosure as well as a bug that affects multisite installs with untrusted users. These issues were discovered and fixed by the WordPress security team.

It is important to change your FTP and WordPress admin password if you have been attacked. Try using a password with more than 8 characters that has at least one number, an uppercase character and a special character.