Bastards hacked my WP site
- 24 Responses
- noneck0
The Wordfence plugin saved my bacon when a couple of my WP installs got hacked a few years ago. It's a huge help for detecting and removing this kind of shit from WP.
- plash0
just so y'all know, you should never initiate an FTP connection from public WIFI network, like coffee shops/cafes, public computers, or libraries. also using any open WIFI connection is bad even if you don't execute peer connections without properly initiating port controls on your computer.
http://engineering.deccanhosts.c…
consider switching to SFTP as a replacement protocol and don't use FileZilla as a client.
- vaxorcist0
You may want to read:
http://largemediainc.com/2013/08…
are you on GoDaddy? They supposedly get hacked more than other hosts for things like this.... maybe it's FTP, not SFTP, as SFTP is more secure
login, check code in "head.php" for
<div id='hideMe'> <p><em> Online Payday Loans ...etc...
also, a scan of the URL in the OP shows:
- danielleamatuch.com safe? - displaying 1 of 1
<A> www payday loans with saving account - http://danielleamatuch.com/?www-…
- dbloc0
do you have ftp access?
- mg330
I could go on and on about Wordpress security after suffering some serious hacks to both my WP sites and my CPanel account over the summer last year. Really frustrating time. Forced me to really dig into key Wordpress security problems, change plugins, schedule regular backups, etc.
Please don't for a second think that a hack is unique to Wordpress. Every site, every platform has vulnerabilities. Reduce them or eliminate them and you'll be fine.
- plash0
Easiest way i can think to assess if any credentials have been compromised is to log into your web server (via sftp) and check for last modified files by date.
looks like you're running apache so 'date created' might show newly added files since this might just be a php injection. if you do find something (a file added) this will indicate if a password was breached.
2nd step is to log into your mysqladmin and check for records that have been modified within a date specified. this will show if any database records have been modified, (if a positive is found then it's time to change that password and hash). Note that you'll find a lot of updated records in the database, so put on that deerhunter and pull out a magnifying glass, you'll want to audit with prejudice; needle in the haystack here.
lastly log into your wordpress admin and again audit for records changed.
These are the first steps to find out if your passwords have been compromised. if you find a file that has been uploaded without consent, then that points to a compromise.
if you find a db record, look into the cell and find the info it holds. you can do a string search for 'payday' throughout the entire database.
anyway, some pointers.
- fadein110
Wordpress is only attacked because it is so popular - security-wise it is pretty robust now. Dumb ass comment blaming it on Wpress - any site is vulnerable.
- moldero0
iThemes security plugin = pricey but worth it
& hide your theme info, your theme info gives hackers a place to start when looking into vulnerabilities.
- detritus0
..or, if you do, keep the sodding thing updated.
I agree with you though — I had a similar problem on a client's site last year, because they insisted on having a WP blog on there, and insisted on letting it fall into disrepair.
= Poisoned Database, which fucked up other applications sharing it.
Bunch of fuckers.
- fadein110
revert to backup - nearly all hosts take a daily/weekly/monthly backup - quickest fix. Then check all plugins are up to date along with Wordpress and then change all passwords.
- detritus0
flush the database.
If they've injected some SQL nastiness in there, it doesn't matter how many times you clean the front-end code, your own database will inject it straight back again whenever it can.
- if it's not a big site with oodles of content, just export it all and eyeball it in a text editor, look out for dense code. - detritus
- the ..er.. database, that is, obv. - detritus
- usually, there is a "back door user" left in the db. - renderedred
- or just revert to a backup lol - 1 minute - problem gone. - fadein11
- sem0
It could be a "dodgy" plugin you installed. Sometimes "free" plugins come with horrible little extras that you don't want and keep coming back until you remove said plugin.
- prophetone0
find your theme folder via ftp, d/l that motha shut yo mouth, so you have a folder on your desktop with all theme php files in therr, then, scan em with text search app and search for offending keywords i.e: payday.
open offending php files in a text editor, remove code above, and overwrite corresponding live php file(s). check to make sure that site hasn't melted.
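Added example, not part of any post in this thread: the two file checks suggested above (plash's "last modified files by date" and this keyword search over a downloaded copy) combined in one script. The function name, the 30-day window and the extension list are assumptions; the markers are the `payday` keyword and the `hideMe` div id quoted earlier in the thread.

```python
import os
import re
import sys
import time

# Markers quoted in this thread: the spam keyword and the hidden <div> id.
MARKERS = re.compile(rb"payday|id=['\"]hideMe['\"]", re.IGNORECASE)
SCAN_EXT = (".php", ".html", ".htm", ".js", ".htaccess")


def scan_site(root, days=30, now=None):
    """Return (recent, hits) for a local copy of the site under `root`.

    recent: relative paths modified in the last `days` days (mtime can be
            forged, so an old date does not prove a file is clean).
    hits:   (relative path, line number, excerpt) for each marker match.
    """
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    recent, hits = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if os.path.getmtime(path) >= cutoff:
                recent.append(rel)
            if not name.lower().endswith(SCAN_EXT):
                continue
            # Read bytes: injected code is often not valid UTF-8.
            with open(path, "rb") as fh:
                for lineno, line in enumerate(fh, 1):
                    if MARKERS.search(line):
                        excerpt = line.strip()[:80].decode("latin-1")
                        hits.append((rel, lineno, excerpt))
    return sorted(recent), sorted(hits)


if __name__ == "__main__":
    recent, hits = scan_site(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("Modified in the last 30 days:")
    for rel in recent:
        print("  ", rel)
    print("Marker hits:")
    for rel, lineno, excerpt in hits:
        print(f"  {rel}:{lineno}: {excerpt}")
```

The modification-date list is only meaningful if the download preserved the server's timestamps; the keyword hits do not depend on them.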
- prophetone0
it's gotta be a common header.php or nav.php type file in your theme . . . or a tainted nav plugin
- not at all - many other ways this could happen. - fadein11
- well yeah, but is start - prophetone
- ukit20
There might be a script that injects the HTML. Check the index.php file.
If that doesn't work, try reuploading the theme (assuming you have a backup). And if that doesn't work, reinstall WordPress.
- dbloc0
how did you upload the site, or is it wordpress.com?
- scarabin0
locate "mach_kernel" on your hard drive and delete it
- Vinney20
Not in the header.php, but thanks for the suggestion anyway - worth a go.
How do I download my site files?