For a while now, I’ve been battling with a virus that has infected the sites I host (Web Cash and Life of Brian). I wrote about the iframe injections before, and I hoped that I’d fixed the problem. But it kept. Coming. Back.

Initially, I had problems with iframes popping up on my pages. I cleared the themes and deleted the iframes, and periodically they would re-appear. This was annoying, and it was also damaging to my sites (although not a huge concern, since I didn’t update them regularly anymore and I wasn’t really expecting to earn much profit/traffic from them). Then, I noticed that script tags were appearing in the pages, and the whole situation got even more aggravating.

I would remove all of the script tags and clean up the entire server (replacing three wordpress installations and cleaning up three wordpress templates). A few days later, the script tags would be back.

What the heck? I eventually found some reading on the topic – start with this post about Gumblar and then look around Unmasked Parasites. I repeatedly scanned my computer with different virus programs, but I was unable to find any kind of parasite that would transmit my ftp information to a remote server.

Nonetheless, I decided that something like this had to be the problem. I again cleaned up the server, replacing all three wordpress installations and cleaning up the templates. I then cleared all of the passwords out of my FTP client (Filezilla). Finally, I went to my hosting account through my web browser and changed my FTP password to something new and never used it in Filezilla.

So far, so good. It’s been a week or so, and the virus hasn’t cropped back up. Oh, I hope it stays away…