WordPress.org

Ready to get started?Download WordPress

Forums

Blog was hacked (RSS issue), but now I get garbled text, what does this mean? (6 posts)

  1. amnesiak
    Member
    Posted 4 years ago #

    hey there guys,

    I've got a bit of an issue. First people were starting to see spam pharmaceutical references in Google Reader through RSS.

    So after going through countless threads of advice,
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

    http://www.journeyetc.com/uncategorized/wordpress-permalink-rss-problems/

    http://wordpress.org/support/topic/297639/page/3

    http://groups.google.com/group/google-reader-troubleshoot/browse_thread/thread/39a7eef288c65dd0/3d177143fb8f5be1?lnk=gst&q=spam&pli=1

    I decided to start by first getting rid of the 'hidden' or 'invisibile' admins. (These are users who are admins on the blog but don't shop up in the admin panel. Their name usually starts with "..."

    All was good.

    Next step, I had decided to replace the whole site with fresh files.

    I uploaded all the root files, everything was fine. I then uploaded the wp-admin and wp-includes file and went to bed (because it took time for me).

    After it completed I got a phonecall from a friend saying, 'you're blog is all messed up, check it out'.

    This is what it looks like now when you try to open it.

    Image here http://img4.imageshack.us/img4/7158/picture2hv.png

    Could someone tell me what this means?

  2. amnesiak
    Member
    Posted 4 years ago #

    someone out there who can part with some wisdom?

    (to help me fix this)

  3. Looks like WP source code. I'd do an upgrade to 2.8.4 over again, Upgrading WordPress, as it looks like a bunch of WP files didn't complete their upload. And then check for leftover bits of the hack from the same link above, Cleaning your hacked WP install.

  4. alism
    Member
    Posted 4 years ago #

    I'd probably try refreshing those files again first. Delete wp-admin and wp-includes entirely, then re-upload again via FTP in Auto mode. Same goes for the files in the root (except wp-config.php of course).

    Take a look and see if there's anything suspicious inside your .htaccess file and manually examine your wp-config.php too for any shenanigans.

    Regenerate your Permalinks if you're using them.

    Still having problems after that, install some of the security scan/exploit checker plugins and see if there's anything buried in the database itself somewhere.

    edit: errr, yeah. What he said. :-)

  5. amnesiak
    Member
    Posted 4 years ago #

    thanks guys. I completely deleted everything and reuploaded it and it remained the same for around an hour and now things are looking good.

    Unusually although I went through the site, deleted hidden admins and checked the db, I still get Pharmaceutical references in Google Reader.

    My last check is with Plug-ins

    I'll also install a security check plug-in in hopes that it makes life a bit easier :)

  6. aless.blog
    Member
    Posted 4 years ago #

    Maybe you can try cleaning it up with fire. Maybe this way you will terminate once and for all with spamming. That`s why people hacked. You know what i am talking about ... Oo, try with Start -> Turn Off Computer -> Shut down. Ok? RESOLVED

Topic Closed

This topic has been closed to new replies.

About this Topic