A malicious IFRAME - October 10, 2011 @ 3:34 pm

A few days ago I get a Email from Google saying that my website was blocked from the search results because of some malicious code.
First I though it was sitting in the comments so I deleted a lot of comments (because they were not normal looking).
But when I discovered the site was still blocked I started searching in the code and I founded some weird looking IFRAMEs.
And after searching deeper and deeper I discovered they were sitting in the MySQL database. How they came there I sill don’t know, but my best guess is a malicious WordPress plugin.
After deleting them out of the database the problem was gone. Now I hope they will not come back but now I know where to look.

Thanks for reading,