Forums

WordPress › Support » Miscellaneous

I really need help - think a plugin has been hacked (5 posts)

  1. glenv
    Member
    Posted 10 months ago #

    I have a site that is based on Wordpress. This morning I decided I should update some plugins. Anytime I clicked on the settings of a plugin I was redirected to someone elses site - assuming the hackers.

    I have disabled all plugins and added then back in one at a time and it still does it no matter how few I have and when I change up the order I reload them.

    I had someone look at it and he is giving up but the last he said was the hacker was loading an iframe to do his rotten deed.

    To be clear the only hyperlinks effected are those under "Settings" of plugins added.

    If anyone is willing to take a look I would sure appreciate it. Let me know and I will send you ftp, wp-admin etc.

    I really need help on this one.

    We have:

    - checked all plugins for malicious code, and deactivated them

    -checked .htaccess in root + subfolders

    -installed a fresh copy of WP 2.7.

    -checked database for noscript, display,...

    Thank you

  2. buddha trance
    Member
    Posted 10 months ago #

    Just a thought... since you already installed a fresh copy of WP 2.7... what about deleting the plugins and installing a fresh copy of them also? This way, you can go by an elimination process.

  3. glenv
    Member
    Posted 10 months ago #

    Good advice - I just did exactly that right after you mentioned it. I downloaded updated plugins. I figured I would turn on the new Akismet plugin first and after doing so I selected "Akismet COnfiguration" and it immediately now sends me to a different site (scumbags are sending you to software marketing sites)

    Sure hope I can get you folks to help me with this.

  4. buddha trance
    Member
    Posted 10 months ago #

    Things I can think of that I would do, given a fresh installation and fresh plugins:

    1 - immediately change the database password

    2 - backup the theme, but delete it from server and change to default theme (there may be code added to the theme, which is not changed when upgrading WP)

    3 - read http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

    4 - Look again at config.php

    5 - Check the database again

    6 - Check the images folder for weird files

    I hope you get this solved!

  5. glenv
    Member
    Posted 10 months ago #

    Must be that theme I had the folks make for me was vulnerable. Deleted it and new theme is working!

    Thank you

Reply

You must log in to post.

About this Topic

Tags