Some jerk Hacked my wordpress and now drug links appear at the top of certain posts;
http://www.warrior-scholar.com/blog/?cat=3
What do I need to do?
Please help.
Dan
Got Hacked need help! (13 posts)
-
-
It seemed it was in the header, I renamed the old header and uploaded a backup. Anyone know how someone got in and changed my header?
I could not even view the header.php my control panel would not let me view it.
I'm a little nervous it may be in other files or my blog is open to other attacks of these types.
-
This is the jerk that Hacked my site;
makilovitalcamader@gmail.comHe somehow made a user name adminsta which got by me and I actually logged in many times under it and made various posts and pages.
I changed all the pages authored by adminsta to another name then deleted everyone from my members area including adminsta and all the posts and comments associated.
I looked in the header found code there and deleted it and uploaded a back up header.php then I found code on the latest post and deleted the post as well.
Am I missing anything? Is there more I can do (please remember I am a rank newbie so my worpress expertise is limited.)
-
Did you follow the steps here?
-
As much of them as I could.
1-Changed passwords
2-Deleted all users
3-Attributed the posts to a new user and looked at all the html.
4-Uploaded a fresh header and style.css
5-Thankfully my webprovider helped me just upgrade to the latest version of wordpress.That's it so far. However I am noticing I am getting spam in my most most recent post in the comments even though I have comments disabled.
-
Are you using the latest version of WordPress now (currently 2.9.2)?
-
I was not but I upgraded after the above steps 1-4.
-
Do you remember what version of WordPress you were running before this? Are you still having spam troubles on posts with disabled comments? And, are you using any anti-spam plugins, like Akismet?
-
2.8
I changed the name of the comments.php and since then have not gotten any spam. Akismet was catching it but every few minutes after deleting I would get more. So I dropped the comments.php and I deleted all members so there are just the admin (me) and me. I'm watching to see if there is any other weird activity since upgrading.
-
Oh, so Akismet was catching the spam? That's a good thing, and probably normal. Changing the name of comments.php is a great way to prevent automated spam, but it will probably break the next time you do an automatic update.
-
O.K Now I was trying to save a page and I got a weird error indicating a header2.php. I thought that was suspicious so I tried to view the php and it said I could not. So I deleted it and the strange code went away.
My question is how is this happening could there be code injected somewhere in the site. I mean if I'm the only user how are they creating a header2.php?
website;
http://www.warrior-scholar.com/blog -
Maybe header2.php was there already and I missed it and it got corrupted? Is there a headeer2.php with the basic install? I am suspicious since the last hack attack so I err on the safe side.
Topic Closed
This topic has been closed to new replies.
