WordPress.org

Ready to get started?Download WordPress

Forums

2.9.2 site hacked (188 posts)

  1. mclanea
    Member
    Posted 4 years ago #

    Worked a little bit. Please check the comment I left on your post. Thanks!

  2. Steve D
    Member
    Posted 4 years ago #

    dd@sucuri.net . . . is NS even aware that some end users can't even log into their account File Manager and are getting a user id and password incorrect prompt?

  3. helpme11
    Member
    Posted 4 years ago #

    my wordpress blog is not the same

    the dashboard is messed up

    i clicked on the 4 column button and refreshed the page and it fixed the dashboard but the post dashboard and comment dashboard is still messed up

    how can i fix it

  4. jkelly11
    Member
    Posted 4 years ago #

    @dd -- thank you so much!! I ran that on both of my wordpress sites and they're totally clean... even that one script that I couldn't seem to find anywhere.

    thank you!

  5. Daniel Cid
    Member
    Posted 4 years ago #

    helpme11: Try this script: http://blog.sucuri.net/2010/05/simple-cleanup-solution-for-latest.html

    Steve D: They are (I few people contacted them already).

  6. helpme11
    Member
    Posted 4 years ago #

    what the is a script!!

    run in the park

    im not running ...... to try

  7. esmi
    Forum Moderator
    Posted 4 years ago #

    @helpme11: Stop repeatedly bumping posts and calm down. People are trying to help you. I suggest you listen very closely to the advice that they are trying to give you.

  8. mclanea
    Member
    Posted 4 years ago #

    I'm not bumping this post, but I am having the same problem as @helpme11.

  9. Steve D
    Member
    Posted 4 years ago #

    As soon as I can regain access to my files I'll post the results.

  10. helpme11
    Member
    Posted 4 years ago #

    im totally calm... oh sorry.

    who are they??? who are you referring to. Who should i take advice from they?

    Is there an expert in here please who can let me know what i have to do in steps.. please dont redirect me to another page.. or link.

    step one
    step two

    etc

    thank you.

    btw what is bumpin? sounds sexy.

  11. clundie
    Member
    Posted 4 years ago #

    @GDHosting Thank you. I filed my information for the security team. I may also take a look at the apache logs from this morning.

  12. helpme11
    Member
    Posted 4 years ago #

    i have a friend who has helped me with wordpress all along. so he will be home shortly ... and he will let me know how i get my dashboard back.. and fix the mess in wordpress... i will stay loged in and as soon as he advises me on what he will do for my sites - i will post it up here to help everyone else.

  13. ardvark
    Member
    Posted 4 years ago #

    @dd,
    Thanks a bunch for that script. That really helped.
    Matt

  14. Steve D
    Member
    Posted 4 years ago #

    Clean Here. Now that that's established can someone link me to a tutorial about how to run these cleaning scripts. It's obvious I'm going to have to learn to do this next. May as well confront it and get busy learning. They don't teach this stuff in sales and marketing.

  15. helpme11
    Member
    Posted 4 years ago #

    my dashboard is all messed up..!!!! AND,

    i just noticed when i log into the wordpress login link

    i noticed "Looking up http://indesignstudioinfo.com/ "

    "Looking up http://indesignstudioinfo.com/ " shows up quickly in the bottom left of the screen and then quickly disappears.

    i did a who is for http://indesignstudioinfo.com/ and look what i found..

    Domain name: indesignstudioinfo.com

    Registrant Contact:
    HardSoft, inc
    Hilary Kneber
    7569468 fax: 7569468
    29/2 Sun street. Montey 29
    Virginia NA 3947
    us

    Administrative Contact:
    Hilary Kneber
    7569468 fax: 7569468
    29/2 Sun street. Montey 29
    Virginia NA 3947
    us

    Technical Contact:
    Hilary Kneber
    7569468 fax: 7569468
    29/2 Sun street. Montey 29
    Virginia NA 3947
    us

    Billing Contact:
    Hilary Kneber
    7569468 fax: 7569468
    29/2 Sun street. Montey 29
    Virginia NA 3947
    us

    DNS:
    ns1.oklahomacitycom.com
    ns2.oklahomacitycom.com

    Created: 2010-05-06
    Expires: 2011-05-06

  16. helpme11
    Member
    Posted 4 years ago #

    look at wp-content/themes/sem-reloaded/ (anything with that datestamp
    me: where do i go to see that ..
    friend: You'll see base 64 code at the top of each script. It's all been hacked.
    ftp
    It's not part of WP.
    use an FTP client to get to your serve

    ( i have no idea what my friend will do to get rid of the script )

    i will find out and post here for everyone to know.!!

  17. ClaytonJames
    Member
    Posted 4 years ago #

    Maybe it's time to do something about it, rather than repeatedly contributing to the FUD.

    Relevant link about this:

    //www.indesignstudioinfo.com/ls.php
    //zettapetta.com/js.php

    http://blog.sucuri.net/2010/05/new-attack-today-against-wordpress.html

    Link to the purported fix for it:

    http://blog.sucuri.net/2010/05/simple-cleanup-solution-for-latest.html

    [edit] which, by the way appears to have been already posted in this thread several hours ago (and more than once). It would be interesting to read some more feedback on the results of that method.

  18. helpme11
    Member
    Posted 4 years ago #

    this is our conversation

    me: why do people do this
    friend: A "script" by an untrusted source could do significantly more damage (more hackers tricking you to run their shit).

  19. helpme11
    Member
    Posted 4 years ago #

    this is what my friend says:

    friend : this is a mess.
    Every plugin, every theme, every bit of php code has to be rebuilt / replaced.
    This is going to be time consuming.

  20. ClaytonJames
    Member
    Posted 4 years ago #

    Do it from your last known good backup. It should take about 10 minutes.

    Or, again... you can try this repair first, and let us know how it works.

    http://blog.sucuri.net/2010/05/simple-cleanup-solution-for-latest.html

  21. helpme11
    Member
    Posted 4 years ago #

    my friend is going into the hosting account

    why, i have no idea.

    CLAYTONJames: I gave him the link you provided.

    just a thought on the side, has anyone been able to locate where these hackers live - or was this generated by a robot??? it must be possible.

  22. helpme11, it's okay to not post everything that your friend is doing. Feel free to just follow up when your friend has finished fixing your site.

    As for who is doing this and how it's being done, there several links in this thread that go to articles discussing the issue in depth.

  23. snoopinc
    Member
    Posted 4 years ago #

    I just checked both of my WordPress sites. Luckily they weren't infected. Perhaps these were targeted attacks on the big web hosts?

  24. thisisedie
    Member
    Posted 4 years ago #

    I would just like to say that when I install WP I generate fresh keys, I change the prefix from wp_ to something like Efhje4k9Ubc_, I make both my database name and password something as equally nonsense, and I create an account for myself and delete the admin user. I have never ever been hacked. I'm not saying I can't be but taking these steps will certainly throw off a hacker :)

  25. Emanuele Pisapia
    Member
    Posted 4 years ago #

    I have a question for you:

    - different servers
    - different websites and platform

    ... what FTP client do you use? I use FileZilla tha save ftp password without encryption... and you?

  26. bata777
    Member
    Posted 4 years ago #

    Hi,

    All my sites on Hostmonster are infected yesterday with this virus,
    Wordpress, Joomla and even individual written php sites.

    I tried this http://blog.sucuri.net/2010/05/simple-cleanup-solution-for-latest.html , but still no fix

    Need help.

    Thanks,

    Bat

  27. helpme11
    Member
    Posted 4 years ago #

    To all the above....

    The SCRIP THAT YOU PROVIDED Did not work for my site!!

    my friend had to take both my websites off line!! ouch!!

    nd work with the FTP and then work with creating a new data base in the
    hosting name and upgrading

    ANd now move the main folder to a new folder within the hosting site.

    i also noticed i get this: on my pc at the same time i got hacked.

    Warning: Unresponsive Script

    A script on this page may be busy, or it may have stopped responding. You can stop the script now or you can continue to see if the script will complete.

    Script" chrome://tavgp/content/avg/avgbapi.js:125

    (checkbox) Don't ask me again

    Stop script (button) Continue (button)

  28. helpme11
    Member
    Posted 4 years ago #

    i feel so bad for people using wordpress who have no clue what to do when it comes to situations like this. (like myself)

    I have no clue what to do. and if i dont know, im sure there are many others who are out there who also don't know.

    So stay tuned cause i will find out what exactly my friend did, and post it here.

    All the above posts about running a script and it takes 10 minutes - i wish it was true(maybe in some cases, but for me it didnt' work), and how do you run a script? beats me!!

    So don't worry.

    Just a thought again, since wordpress has automatic updates ( which i think are awesome(i love just clicking a button to upgrade and done), why don't they have automatic fixers - someone should get on this....) Yes!!!

    I honestly would of gave up my website (sold it) if I didn't have a friend who knows how to fix things. So if i feel like this, i'm sure there are many who are thinking about giving up!! Well there is hope!!

    My site says; we are down for maintenance but really its been hacked!!

    My friend said it will be up by Sunday.

    I lost revenue and massive amounts of traffic! todays a sunny day.. so i guess i can go outside for air... so thats a good thing with the site being down.

  29. helpme11
    Member
    Posted 4 years ago #

    and i wont post anymore until my site is up and i get a full detailed summary of what to do! (what my friend did) sorry about posting so much.

  30. Steve D
    Member
    Posted 4 years ago #

    Heads Up . . . May 8, 2010 NS

    We received alerts of a new type of file inclusion on our customers’ websites, whereby a “.nts” file is added to folders of customers’ hosting accounts. Visitors to affected websites will receive a “website cannot be found” message and may be infected with malware. This “.nts” file addition is occurring mostly within the structure of customers’ WordPress installations, however the issue is not with WordPress. We ask that you please remove all files with the extension “.nts” in order to resolve this issue.

    At this point the bottom line is the grid is probably being infected regardless of who your hosted with.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags