One of my umpteen million WordPress sites (but not this one) was “hacked” by an iframe hack. It was a WordPress 2.3 site which I’d waited to upgrade. Only one site and only one post had the hack, which was an iframe link that somehow got tacked on to the end. Google helpfully alerted me to the issue when it scanned my site and detected the hack. Pretty useful, that Google.
I’m still investigating how the attack occurred, as the single-post aspect makes me suspect a browser-based attack. I don’t really consider it a hack in the traditional sense, though I’m still puzzling over it. Any clues from my fellow network security gurus out there would be appreciated.
Y’all fellow WordPressers might want to check your WordPress database(s) for the issue. This SQL statement did it for me.
SELECT COUNT(*) FROM wp_posts WHERE wp_content LIKE "%iframe%";
…where you’re obviously pointed to your WordPress database.