WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Guys! Urgent help needed! (9 posts)

  1. neuville
    Member
    Posted 6 years ago #

    Hello everybody,
    I need very urgent help. I feel they hacked my weblog (http://www.adverbox.com).

    If you see the source code of the page you'll see, after the closing </html> tag, a bunch of links to spam websites.

    This makes also the rss feed not working properly. I don't know what could cause this issue. I've just updated to version 2.2, maybe that caused the prob.

    Please, help me, it's very urgent!

    Thanks to all in advance

  2. moshu
    Member
    Posted 6 years ago #

    If you were hacked contact your host. That's urgent, not posting in the forum !

  3. neuville
    Member
    Posted 6 years ago #

    I switched to the old version of WP (2.0.3) and the problem looks solved.

    Maybe it's a security issue of the new version?

  4. neuville
    Member
    Posted 6 years ago #

    [ok, I've also contacted my webhost :-)]

  5. whooami
    Member
    Posted 6 years ago #

    going back to 2.0.3 isnt going to solve your problem. In fact, you just opened yourself to being hacked, if in fact, you were not before.

    It sounds to me like you didnt even investigate the problem in the first place.

    What you have done, may have solved the immediate problem of those links.. but that's all it solved, I assure you.

  6. jetshack
    Member
    Posted 6 years ago #

    moshu's right you need to contact your host.

    looking at the whois data for the site that the links are pointing to it looks like you're dealing with something which might be able to be dealt with.

    A R T E S O N O R O dot ORG is registered to a Jose Carlos garcia sanchez
    His DNS servers are pointing to TECHNORAIL.COM
    TECHNORAIL.COM was bought by
    Santini, Susanna susanna.santini@staff.aruba.it
    Piazza Garibaldi 8
    Soci, AR 52010
    IT
    +39.057551571 Fax: +39.0575515790

    (used to live just down the street from Piazza Garibaldi)

    Aruba.it is an italian web host.

    So the second thing I would suggest doing after contating your webhost is to contat aurba.it and tell them that they've got either a comprimised account or a spammer on one of their servers.

    You're also fairly lucky because the site in question has been up and running (on wp at least since July of 05) Normally these sorts of things are going to be pointing to MFA sites which pop in and out of existence all the time. So this looks like it's a real person. I was able to catch the source to one of the pages before it loaded the redirect and it looks like whoever created the a r t e site is the same person who inserted the redirect...

    (I've saved the page in question if you want a copy I'll send it.)

  7. neuville
    Member
    Posted 6 years ago #

    Hello whooami,
    thank you, every suggestion is welcome and precious. I'm trying to solve the issue with the webhost, but they quite suck at customer service and so I feel I'll change host very soon.

    this told, the odd thing is that the prob. started since the update (I saw it because my rss feed was broken) and is not visible coming back to the previous version.

    Maybe I've lost some security update of the 2.2 version...

  8. neuville
    Member
    Posted 6 years ago #

    Hey Jetshack,
    thank you, that would be great if you drop me the page, so I'll attach it at the emails sent (I've not saved it from myself as I should have done: usually I'm a monster with things related to job but not with my own things... :-)

    I'll contact you by your weblog, looks good?

  9. neuville
    Member
    Posted 5 years ago #

    solved, my host was hacked and they changed me the password.

    thank you all for your help!

Topic Closed

This topic has been closed to new replies.

About this Topic