To me it sounds to be something wrong with the database. Have you check it to be allright? No tables crashed?
Hi Michael. I did a quick check of your blog, and it appears that you have had, or may still have some hidden or injected spam links in a file somewhere:
http://www.google.com/#q=cialis+site:www.michaelashapiro.com/blog/&hl=en&filter=0&fp=VEE02fthf5k
Here is a text only look at a cached page that was last crawled on 7/19. Look at the bottom of the page, below the footer credits.
http://74.125.93.132/search?q=cache:4HvW1A3EjFMJ:www.michaelashapiro.com/blog/+cialis+site:www.michaelashapiro.com/blog/&hl=en&gl=us&strip=1
I also noticed that you are using version 2.0.4 of wordpress, so my knee jerk reaction that it might be possible that you have some corruption/code injection issues due to an exploited vulnerability.
Clayton,
OK, I see what you’re talking about, but I can’t find the links on the server. Where should I look? AND
How do those links create the problem I was describing?
BTW-I did find a couple weeks ago, that my account had been hacked and the permissions changed. I have since repaired them to 755 and 644.
I also see that my image uploads to the server have been successful.
???
Michael
How do those links create the problem I was describing?
I am suggesting that your problem could be a secondary symptom of what I pointed out.
“…it might be possible that you have some corruption/code injection issues due to an exploited vulnerability..”
You are currently using a version of wordpress long ago deemed unsafe and exploitable.
BTW-I did find a couple weeks ago, that my account had been hacked and the permissions changed. I have since repaired them to 755 and 644.
Perhaps some of your problem may now be an errant permission issue somewhere, but I would have to believe that the greater issue is that you have suffered a hack. Take a look in index.php of your blog directory for starters. I suspect that you may find code injection. If not there, certainly somewhere else. To be blunt, you have lost control of your site due to hacking. Whether it was ftp, server, or WordPress related, your site is still insecure. You may have changed the permissions, but the directories and files will still have to be cleaned up as well as probably the database. Then you will have to upgrade to a secure version of WordPress to close the holes.
Best of luck to you.
OK, I have downloaded the latest edition of wordpress. I have also downloaded my entire blog.
Based on the above post, what should I do to preserve my blog in its current form (except working)?
Thanks.
Michael
Hello,
I still don’t know how to recognize hacked/added code. I have checked what I could, but still not working. Any help is appreciated.
Thanks.
OK Guys,
I have absolutely no idea what to do. I would like to upgrade, but Clayton cautioned me to fix the old files first.
Even reading the directions in “read me” for the newest version doesn’t help me.
Is there anyone who can walk me through this? I’m just a dumb photographer who doesn’t do code very well. I do need this blog, however to post new work.
Please help if you can.
Thanks.
Michael
It’s a pretty broad and general topic, but it’s been covered so many times, you can almost pick and choose suggestions.
//wordpress.org/search/%22been+hacked%22?forums=1
//wordpress.org/search/%22how+to%22+hacked?forums=1
//wordpress.org/search/hardening+wordpress?documentation=1&forums=1
//www.google.com/#hl=en&q=%22how+to%22+wordpress+hacked+repair&aq=f&oq=&aqi=&fp=-Pw1cEIpNGU
It’s never cut and dry, disappearing posts and/or edits not saving can also be related to to other things, (javascript problems, plugin conflicts) but I thought it important that you make sure you are clean to start with if you have already been hacked. Especially since I saw spam links present in your last cached page. They have to be there somewhere. Someone having enough access to change your file permissions is pretty serious.
but Clayton cautioned me to fix the old files first.
I wasn’t very precise with that statement. I was speaking strictly from the point of view of removing a hack. You can upgrade if you wish, that would certainly remove any wordpress files that have been corrupted if you replace the files, (unless they are theme files or plugins you intend to reuse), then you will need to examine the database for anything suspicious as well.
That’s quite a jump from 2.0.4 to 2.8.2. I can’t say if it will cause problems or not. Back up your database first, and back up all your files (you already have I think), at worst, you can reinstall if you have too. Proceed with caution, and certainly at your own risk.
I wish I had something more positive to tell you. Perhaps seeking paid help may better serve you if you aren’t confident taking it on.
Best of luck to you.
Thanks. That helps some. At least I can ask specific questions.
How do I recognize the hacks? I never did find the hacked code in the last post. It didn’t seem to be there in the file.
Which files exactly are you referring to as the database?
Thanks.
How do I recognize the hacks?
Read everything you can find that seems relevant. As I pointed out before, and listed several links to,
It’s a pretty broad and general topic, but it’s been covered so many times, you can almost pick and choose suggestions.
//wordpress.org/search/%22been+hacked%22?forums=1
//wordpress.org/search/%22how+to%22+hacked?forums=1
//wordpress.org/search/hardening+wordpress?documentation=1&forums=1
//www.google.com/#hl=en&q=%22how+to%22+wordpress+hacked+repair&aq=f&oq=&aqi=&fp=-Pw1cEIpNGU
It’s never cut and dry.
I never did find the hacked code in the last post. It didn’t seem to be there in the file.
Scour the files for your site that you backed up. It may be in plain text, it may be in the form of base64 encryption, it may be a file that has been altered and replaced. If you really want to find it, you need to look in every file. Start with index.php, footer and header files. Perhaps learning how to use “grep for windows” (I’m making an assumption about you using windows, I know) will make the search easier.
Which files exactly are you referring to as the database?
Start with the user tables. Look for users with admin status that should not have it. Look for users that you know should not be there. Read everything you can that is relevant to the issue. There is hours worth of information. I think there is the possibility that when fixing your file and folder permissions, you may now have an errant permission somewhere, or.. some other conflict is causing your issue. I don’t know. I have no evidence to back that up, it’s just a gut feeling, but at some point you are going to have to do SOMETHING. Read, read, read… Then either take your best shot or hire someone.
There is no magic question and answer. You just have to read about what everyone else has already experienced and done. Google is a wonderful resource. Good luck to you.
Just a clarification… as I re-read this, I suddenly realized that you may not actually be clear about the database:
Which files exactly are you referring to as the database?
The database is the database. It is not in any files. I am referring to the ‘sql database that holds all of your blogs posts, comments, user data and settings.
http://codex.wordpress.org/Glossary#MySQL
If this isn’t familiar to you, I strongly suggest you seek to enlist experienced help until you are comfortable with it.
Best wishes.
Cj
Your help was, well, helpful. All is up and running.
Thanks.
