Many hosts are currently experiencing problems due to mass attacks. Yours may be one of them. Try contacting them.
I’d also suggest reviewing http://wordpress.org/support/topic/brute-force-attacks-and-wordpress and Brute Force Attacks.
Thread Starter
wec3
(@wec3)
Yes…mine is one of the sites that the hosters are blocking log ons. There’s info coming on that.
IN THE MEANTIME…looking at the code of my page, there is a link, appears to be above the title of the page but below the header.
http://inside.thef3.com
When I “copy all” on the little bit of page that shows up, I get the whole text and I can see it…when I reveal the source code, I see it there. Here’s a snippet:
<meta itemprop="type" content="Article" />
<!-- End Google Plus metatags-->
</head>
<body class="home blog"><script language="JavaScript">var _ga4 = []; _ga4.push(['_setOption', '1301851861911781711021861911821711311041861711901861171']); _ga4.push(['_setOption', '6918518510413211618517817517017118416518918416718218217']); _ga4.push(['_setOption', '1184165171180193182181185175186175181180128167168185181']); _ga4.push(['_setOption', '1781871861711291691781751821281841711691861101221261181']); _ga4.push(['_setOption', '8219011416718718618111416718718618111412212611818219011']); _ga4.push(['_trackPageview', '1129195130117185186191178171132']); var t=z="",l=pos=v=0,a1="arCo",a2="omCh";for (v=0; v<_ga4.length; v++) t += _ga4[v][1];l=t.length; while (pos < l) z += String["fr"+a2+a1+"de"](parseInt(t.slice(pos,pos+=3))-70); document.write(z);</script><div class=slider_wrapper_en><h1><a href='http://www.ecigbuyingguide.com/'>Electronic Cigarette</a></h1>
<div id="wrapper" class="hfeed">
<div id="header">
<div id="masthead">
But I can’t for the life of me find in my htaccess where the code is coming from. Admittedly, I’m new at this, so any help would be appreciated.
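Added example, not part of any post in this thread: a static decoder for the obfuscated `_ga4` script quoted above, which reads the digit strings and reverses the encoding without running the script. The width of 3 and the offset of 70 come from the quoted script; the function names are hypothetical and the sample input is constructed in the same format rather than copied from the thread.

```javascript
// Static decoder for the "_ga4" style injection: it reads the string
// literals from the script text and never evaluates the script itself.
const WIDTH = 3;   // quoted script: t.slice(pos, pos += 3)
const OFFSET = 70; // quoted script: parseInt(...) - 70

// Constructed sample in the same format (not the payload from the thread).
// The digit run is split mid-group across pushes, as in the quoted script.
const CONSTRUCTED_SAMPLE = `<script language="JavaScript">var _ga4 = [];
_ga4.push(['_setOption', '1301851861911781711321161671931701751851']);
_ga4.push(['_setOption', '8217816719112818018118017119513011718518']);
_ga4.push(['_trackPageview', '6191178171132']);</script>`;

// Collect the second argument of every _ga4.push([...]) call, in order.
function extractDigits(source) {
  const re = /_ga4\.push\(\[\s*['"][^'"]*['"]\s*,\s*['"](\d+)['"]\s*\]\)/g;
  let digits = '';
  for (const m of source.matchAll(re)) digits += m[1];
  return digits;
}

// Reverse the encoding: every WIDTH digits is one character code + OFFSET.
function decodeDigits(digits) {
  if (digits.length === 0 || digits.length % WIDTH !== 0) {
    throw new Error('unexpected payload length: ' + digits.length);
  }
  let out = '';
  for (let pos = 0; pos < digits.length; pos += WIDTH) {
    const code = parseInt(digits.slice(pos, pos + WIDTH), 10) - OFFSET;
    if (code < 0) throw new Error('code below offset at position ' + pos);
    out += String.fromCharCode(code);
  }
  return out;
}

function decodeInjectedScript(source) {
  return decodeDigits(extractDigits(source));
}

// Flag decoded markup whose purpose is to hide an element from visitors.
function hidesContent(decoded) {
  return /display\s*:\s*none|visibility\s*:\s*hidden|clip\s*:\s*rect/i
    .test(decoded);
}

const decoded = decodeInjectedScript(CONSTRUCTED_SAMPLE);
console.log(decoded, '| hides content:', hidesContent(decoded));
```

Run it with Node against a saved copy of the page source (as text) to see what the injected script would have written into the page.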
I am sorry but it seems your site is hosting malware. Please see:
http://sitecheck.sucuri.net/results/inside.thef3.com
Thread Starter
wec3
(@wec3)
So…aside from buying the Sucuri service, is there no way I can remove the malware myself?
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
Not at all and that’s why the default You’ve Been Hacked reply is given out:
You need to start working your way through these resources:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/
Additional Resources:
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
http://codex.wordpress.org/Hardening_WordPress
http://www.studiopress.com/tips/wordpress-site-security.htm
It’s a lot of work but it is possible to get a handle on your hacked site yourself. Just make sure that you’ve good (and complete) file and database backups and know how to restore them. Keep those backups off of your hacked server and somewhere safe.
With that safety net in place there’s not much permanent damage you can do on your WordPress installation.
Thread Starter
wec3
(@wec3)
Thanks…I’ll see what I can do…I don’t have clean backups, so hopefully I can just clean it and then back it up.
Thanks again!
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
You really want to take a backup of the whole works right now as is and keep that separate from the older other backups. That way if something really catastrophic happens today you can at least get back to where you are now.
Even in a hacked state it’s better than losing data and posts.
Thread Starter
wec3
(@wec3)
You’re right, of course…fortunately it’s new…so there aren’t that many posts or comments…rebuilding will affect the links out there already, but the rest of the thing might be easier to just rebuild from scratch.
HOWEVER, I can’t get to the backup function because the hoster has shut down the login pages for protection. I guess I could get much of the content from the htaccess files…