WordPress.org

Ready to get started?Download WordPress

Forums

Disappearing Widget (6 posts)

  1. doakh
    Member
    Posted 10 months ago #

    This site http://www.lbisource.com/ has been hacked. The only visible problem is when you click on the 'read more' link at the bottom of 'the island skinny' widget. In fact this widget does not show up in the Sidebar on the Widget page. So it has been 'hidden'.

    Also,
    - I found some suspicious code in the header.php file after viewing the source code:
    [Code moderated. Please do not post hack code blocks in the forums. Please use the pastebin]

    - I replaced the wp-admin & wp-includes folders. I notice they had ~10 more files than they should have.
    - After replacing the core files a script appeared ( an advertisment in words )in the top of header. I removed it from the header.php file and it went away.

    The site has not been been updated as required. I found one plugin http://wordpress.org/plugins/ttftitles/ that had not been supported since 2007!

    Any ideas how to get the widget back.

    Thanks,
    Doak

  2. esmi
    Theme Diva & Forum Moderator
    Posted 10 months ago #

  3. doakh
    Member
    Posted 10 months ago #

    Thanks, It is nice to have all the resources in one place. I fixed her site. The intruder has set up a user as 'sysadmin' which I gather is common.

  4. WebTechGlobal
    Member
    Posted 10 months ago #

    Ah so it's not your site. That explains it. I was initially wondering how someone with knowledge of WordPress could let the site get in that state.

    Well done ;)

  5. doakh
    Member
    Posted 10 months ago #

    Sorry, I should have posted the code in pastebin. She is an elderly women ( not tech savvy ) and unfortunately hosts at GoDaddy. I did notice though they changed the db prefix ( after they found out she was hacked ) before I had a chance to.

  6. doakh
    Member
    Posted 10 months ago #

    FYI,

    I also found a plugin 'wpppm' that did not show up in the Dashboard. It accessed her .htaccess and hijacked the 404 error page.

Reply

You must log in to post.

About this Topic

Tags

No tags yet.