• dugbug

    (@dugbug)


    They changed my wp-options siteurl to be an iframe pointing to networkads.net/grep

    The site was not loading correctly so I was able to find this in phpmyadmin.

    I have had a rash of hacks lately and talked to Network Solutions (my host). They tell me all of their WordPress sites are getting banged up, but their servers are clean.

    I use the bad behavior plugin with a honeypot key, and that makes me feel a little better. I also use the URL injection technique as discussed here:
    suggested by this site:
    http://perishablepress.com/press/2009/12/22/protect-wordpress-against-malicious-url-requests/

    Anyone else having problems?

Viewing 15 replies - 1 through 15 (of 150 total)
  • ijlal

    (@ijlal)

    Yes, I am having exactly the same issue. My host is “Network Solutions”. How can I fix it?

    Thanks.

    burkestar

    (@burkestar)

    Yes, I was attacked as well after upgrading to WP 2.9.2 yesterday on Network Solutions.

    How I resolved it:

    1. Using Network Solutions’ MySQL admin console, browse to the wp_options table and change the value for “siteurl” to be your blog’s URL like “http://example.com/wordpress”.
    2. Edit wp_config.php to override value of SITEURL (this way even if the database value is altered, it gets overridden by the config value)

    Make sure to back up your database using Network Solutions’ admin console and enable the daily automated backups.
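
A check for the symptom reported in this thread, added here as an example and not part of any poster's reply: it flags `siteurl` or `home` rows from `wp_options` whose value is not a plain URL on the expected host. The row format, the expected host and the sample rows are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Options that WordPress expects to hold a bare URL and nothing else.
URL_OPTIONS = ("siteurl", "home")

def check_url_option(value, expected_host):
    """Return a list of problems found in one URL-type option value."""
    problems = []
    if any(ch in "<>\"'" or ch.isspace() for ch in value):
        problems.append("contains markup or whitespace")
    try:
        parts = urlsplit(value)
        host = (parts.hostname or "").lower()
    except ValueError:
        return problems + ["not parseable as a URL"]
    if parts.scheme not in ("http", "https"):
        problems.append("scheme is not http/https")
    if host != expected_host.lower():
        problems.append("host is not " + expected_host)
    return problems

def audit_options(rows, expected_host):
    """rows: iterable of (option_name, option_value) exported from wp_options."""
    findings = {}
    for name, value in rows:
        if name in URL_OPTIONS:
            problems = check_url_option(value, expected_host)
            if problems:
                findings[name] = problems
    return findings

# Constructed sample rows; the injected value uses a placeholder domain.
SAMPLE_ROWS = [
    ("siteurl", '<iframe src="http://injected.example/x"></iframe>'),
    ("home", "http://example.com/wordpress"),
    ("blogname", "My Blog"),
]

if __name__ == "__main__":
    for name, problems in audit_options(SAMPLE_ROWS, "example.com").items():
        print(name, "->", "; ".join(problems))
```
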

    Samuel B

    (@samboll)

    bychow26

    (@bychow26)

    First of all…whoever burkestar is, is a genius!!!!!! Thank you!!!!!!

    One other question, how do I “Edit wp_config.php to override value of SITEURL (this way even if the database value is altered, it gets overridden by the config value)”?

    I know how to edit the config file, but what and where exactly am I altering in there?

    Thank you again!!!!!!!!!

    Samuel B

    (@samboll)

    First of all…whoever burkestar is, is a genius!!!!!! Thank you!!!!!!

    Did you read my post?
    That does not stop the hack!

    bychow26

    (@bychow26)

    Not sure what you mean? Will it “break” again? I apologize I am not too familiar with database functions and may be over my head. My site is back now, will it be short lived?

    My site is back now, will it be short lived?

    yes, you fixed the symptom. But you have a hole somewhere, a weakness or exploit. Which is how the hack got in. If the exploit is not fixed, you are as vulnerable as you were before.

    That’s why the reading @samboll posted is very important…. you’ve gotta root out the problem or the hacks will return, and could get worse

    bychow26

    (@bychow26)

    Not as happy as I was 10 minutes ago! OK, I am reading those posts and I guess I will try to do what they say, but it truthfully may be over my head.

    Thanks for the help. Any shortcuts that you may know of are appreciated, but thanks for the info.

    sorry…there are no shortcuts unfortunately. You’ve gotta be super thorough

    http://www.rvoodoo.com/2010/02/the-dreaded-base64-wordpress-hack-and-other-hacks-too/

    here’s a sample of the crap I went through when I got hacked a couple times, if ya feel like reading more

    bychow26

    (@bychow26)

    Thank you. This is a stupid question, but how do I scan my ftp server? Do I literally read every line of code or is there a scanning plugin/software?

    how much stuff do you have on there? I just had WP sites, so what I did was reinstall WP from the upgrade section (it just reinstalls the same version of WP I have now)

    That made all my WP files have the same timestamp…the current date and time

    Then I looked into my directories for any files that didn’t get updated (had different timestamps) and looked at them for bad code.

    I’m sure there’s gotta be an easier way….it’s just how I do things. Took a few hours, I have 6 WP installs running
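
The timestamp comparison described in the post above, as an added example that is not the poster's own code: after a reinstall at a known time, list every file whose modification time falls outside that window. The ten-minute tolerance, the file names and the timestamps in `demo()` are constructed assumptions.

```python
import os
import tempfile

def files_not_refreshed(root, reinstall_time, tolerance=600):
    """Return paths under root whose mtime is not within the reinstall window."""
    outliers = []
    for dirpath, _dirs, filenames in os.walk(root):
        for filename in filenames:
            path = os.path.join(dirpath, filename)
            mtime = os.lstat(path).st_mtime
            # Older files were left untouched; newer ones changed afterwards.
            if abs(mtime - reinstall_time) > tolerance:
                rel = os.path.relpath(path, root)
                outliers.append(rel.replace(os.sep, "/"))
    return sorted(outliers)

def demo():
    """Constructed tree: two files refreshed by the reinstall, two not."""
    reinstall = 1_270_000_000  # constructed epoch time of the reinstall
    layout = {
        "wp-login.php": reinstall,
        "wp-includes/version.php": reinstall + 20,
        "wp-config.php": reinstall - 30 * 86400,       # site config, never replaced
        "wp-includes/js/stats.php": reinstall - 3600,  # constructed leftover file
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, mtime in layout.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as handle:
                handle.write("<?php // constructed sample\n")
            os.utime(path, (mtime, mtime))
        return files_not_refreshed(root, reinstall)

if __name__ == "__main__":
    for rel in demo():
        print("review by hand:", rel)
```

Themes, plugins, uploads and the site's own config file are not replaced by a core reinstall, so they always appear in the list and still need a manual read. Modification times can be set by whoever wrote a file, so an empty list is not proof of a clean tree.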

    bychow26

    (@bychow26)

    Good call, thanks.

    This server only has WP on it for the most part.

    Fingers crossed.

    PsionStorm

    (@psionstorm)

    I’m having a hard time finding the MySQL or wp_options table. Could someone point me in the right direction? Is this something I could or should navigate to with FTP?

    MikeTek

    (@miketek)

    @psionstorm You can’t get to it through FTP, you need to access it through your web host panel – usually they provide direct access via an application called phpMyAdmin. If you can’t find it I’d call your host and ask.

    Also, this only fixes the symptoms of the problem as samboll noted above – the hackers can easily get in through the same door unless you take the proper steps. Read the links he posted above.

    DanClarkePro

    (@danclarkepro)

    Did the fix above, fixed mine, will speak to Network Solutions in the morning, odd how only one of my wordpress installations was hit, even though there were another 4 in the same directory, and same account on Network Solutions.

    Is anyone having this problem, who isn’t on Network Solutions? As this also happened to a client of mine, I am trying to narrow down what is the cause.

    We have changed SQL passwords, login passwords, main password and FTP passwords, but still not sure what caused it!

  • The topic ‘SQL attack on wpress 2.9.2’ is closed to new replies.