Security of Site
Edit: This is split from another thread to keep that thread on track - sarahG
http://www.pallab.net/2007/05/14/desktop-modding-explained/
My AV software found a trojan on your site. It's something coming from hostverify.net and is inserted into the iframe at the bottom of every page on your site.
Indyan
11-18-2008, 03:48 AM
Yeah.. I also noticed that today. Somehow they had managed to insert those two lines in my index.php.
Removed it. Currently using WP 2.7 b3. Surprising that they managed to get through. Btw my chmod value for index.php is 644. That is all right. Isn't it?
navjotjsingh
11-18-2008, 03:58 AM
It's time, Pallab, you check your webhost for security... your site surely was hacked. Time to take a security analysis of your blog.
sarahG
11-18-2008, 07:38 AM
> Btw my chmod value for index.php is 644. That is all right. Isn't it?
It is, but if someone gains access via your server/hosting account then permissions could have little effect.
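The two checks raised in the posts above, as an added example that is not part of the original thread: a shell script that lists iframes loading from a foreign host and files that group or other can write to. The function names, the sample tree and the host `injected.example` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a web root for (1) iframes that
# load from a foreign host and (2) files writable by group or other.

# Print "file<TAB>host" for each <iframe> whose src host differs from $2.
# Relative src values are ignored; the host comparison is an exact match.
find_foreign_iframes() {
    root=$1; own_host=$2
    find "$root" -type f \( -name '*.php' -o -name '*.htm*' \) -print |
    while IFS= read -r f; do
        { grep -Eio "<iframe[^>]*src=[\"']?(https?:)?//[^/\"' >]+" "$f" || true; } |
        sed -E 's#.*//##' | tr 'A-Z' 'a-z' | sort -u |
        while IFS= read -r host; do
            [ "$host" = "$own_host" ] || printf '%s\t%s\n' "$f" "$host"
        done
    done
}

# Print files and directories that group or other can write to (664, 666, 777).
# 644 files and 755 directories, the values from the thread, are not reported.
find_loose_perms() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# Build a small constructed web root: one clean page and one page with an
# iframe appended after the PHP, left world-writable. Prints the directory.
make_sample_root() {
    d=$(mktemp -d) || return 1
    printf '<?php echo "hello"; ?>\n' > "$d/clean.php"
    printf '<?php echo "hi"; ?>\n<iframe src="http://injected.example/x" width=0 height=0></iframe>\n' > "$d/index.php"
    chmod 644 "$d/clean.php"; chmod 666 "$d/index.php"; chmod 755 "$d"
    printf '%s\n' "$d"
}

# With two arguments, audit a real tree: sh audit.sh /path/to/webroot blog.example
if [ "$#" -eq 2 ]; then
    find_foreign_iframes "$1" "$2"
    find_loose_perms "$1"
fi
```

A clean permission listing does not rule out an injected iframe: a file at 644 can still be rewritten by anyone who has the hosting account's own credentials, which is why the content check runs separately.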
athlon24
11-18-2008, 07:52 AM
Wait wait. What's the chmod value that I need to use for me to control my files in my blog WordPress dashboard?
sarahG
11-18-2008, 08:00 AM
If your host is set up correctly, 755 should do it.
However, if you've got FTP access and are happy to use FTP, I wouldn't update your files via WordPress unless you take regular backups, else if you lose things, or your host has a problem, you won't have a copy of those files anywhere.
Indyan
11-18-2008, 08:52 AM
Hmm.. this is worrying.. esp. since I had the latest version of wpress installed..
sarahG
11-18-2008, 11:04 AM
> Hmm.. this is worrying.. esp. since I had the latest version of wpress installed..
According to your comment earlier, you are running the beta 3 version of WP 2.7. Although it's probably secure enough, it still isn't a finalised version which means that there could be a security hole in there. Plus, it may not be due to WP or even your site. We've had several sites hacked on a shared server before, none were related, some on WP, some with custom coding.
It could be WordPress, it could be down to the security of your host/server.
Also, don't forget, every plugin you use could cause a potential security issue too, depending on what they do. So if you don't need a plugin, get it off the server, if you keep it on there, regardless of whether it's active or not, keep it upgraded. Anyone can write a plugin, doesn't mean it's secure ;)
Indyan
11-18-2008, 02:47 PM
You are right. I have a bunch of outdated plugins. Going to update all of them tonight.
athlon24
11-19-2008, 01:37 AM
> If your host is set up correctly, 755 should do it.
> However, if you've got FTP access and are happy to use FTP, I wouldn't update your files via WordPress unless you take regular backups, else if you lose things, or your host has a problem, you won't have a copy of those files anywhere.
What do you mean I won't have a copy of the files anywhere? Is there any risk of losing files if I update files in WordPress?
sarahG
11-19-2008, 07:54 AM
> What do you mean I won't have a copy of the files anywhere? Is there any risk of losing files if I update files in WordPress?
If the only version of your theme is on your server, and something happens to your server, e.g. it gets hacked, it corrupts and/or dies, any number of possibilities, then you personally will not have a copy of those theme files if you've only edited them on WordPress and not saved them on your own computer.
And considering you're with free hosting, I wouldn't trust that they'll keep backups of your site, nor that the server will not have a problem at some point.
athlon24
11-19-2008, 01:29 PM
Thanks for the tagged, yeah, I realize now. I'll back up ASAP now. Maybe it is because I have not yet encountered any problem with the server that it's way out of my mind. But I will possibly do it.
sarahG
11-19-2008, 03:22 PM
You don't think about backups until one day it all goes wrong and you lose everything ;)