Hacked 2.3.3 (10 posts)

  1. arthuc01
    Member
    Posted 6 years ago #

    My 2.2 installation was being hacked into and spam hidden links dumped into index.php. I didn't notice until Google decided to ban me (they have now reincluded my site). But even though I've updated to 2.3.3 it keeps happening.

    I have disabled all plugins.
    I have chmod'd wp-includes as recommended.

    Any ideas what else I can do - has anyone seen this before and can advise please?

  2. Roy
    Member
    Posted 6 years ago #

    Just a silly question. You didn't use your old files for the new installation, just like this fellow?

  3. arthuc01
    Member
    Posted 6 years ago #

    No - I did re-upload the new files because that thought had crossed my mind - so it's not that silly a question.

  4. Skitals
    Member
    Posted 6 years ago #

    Are you also getting the "document.write" crap at the bottom of the file? I was up way too late last night figuring everything out. In my case it seemed to be an instance of the xmlrpc exploit which was fixed in the latest WP update. While that hole may be closed, a php shell could have been installed anywhere on your site before you updated. That includes non-system folders you may not have checked or removed when updating, or in my case, scripts were placed in my custom theme directory which I was dumb enough to copy back to my fresh WP installation.

  5. arthuc01
    Member
    Posted 6 years ago #

    Hi, I took Skitals' advice and deleted everything but WordPress from the site, and did a fresh install of 2.3.3.

    Sadly I have been re-hacked.

    What happens is that lots of spam links get appended to index.php.

    This is really starting to annoy me now. Haven't these folk got better things to do than hack someone's website for a little bit of Google link juice?

  6. Chris_K
    Member
    Posted 6 years ago #

    Have you checked file permissions? You don't, by chance, have everything at 777 do you?

  7. arthuc01
    Member
    Posted 6 years ago #

    nope php file chmod'd 644

  8. arthuc01
    Member
    Posted 6 years ago #

    admin and include folders 755

  9. Obvious
    Member
    Posted 6 years ago #

    Did you change your user passwords?

  10. arthuc01
    Member
    Posted 6 years ago #

    I changed them when I was first hacked - do you think it might be necessary to change it again?

Topic Closed

This topic has been closed to new replies.
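
The checks raised in this thread (links appended to index.php, files left behind in a theme folder, 777 permissions) can be automated by comparing the live site with an untouched copy of the same release. The following is an added example, not part of the original thread; the function names, the `wp-config.php` skip entry and the sample trees built in `demo()` are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile


def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def entries(root):
    """Yield (relative path, full path) for every file and directory under root."""
    for base, dirs, files in os.walk(root):
        for name in dirs + files:
            full = os.path.join(base, name)
            yield os.path.relpath(full, root), full


def audit(live_root, clean_root, skip=("wp-config.php",)):
    """Compare a live install with an untouched copy of the same release."""
    clean = {rel: sha256(p) for rel, p in entries(clean_root) if os.path.isfile(p)}
    report = {"modified": [], "extra": [], "world_writable": []}
    for rel, full in sorted(entries(live_root)):
        if os.stat(full).st_mode & stat.S_IWOTH:      # the "777" question
            report["world_writable"].append(rel)
        if not os.path.isfile(full) or rel in skip:   # skip: site-specific files
            continue
        if rel not in clean:
            report["extra"].append(rel)               # e.g. a file left in a theme folder
        elif sha256(full) != clean[rel]:
            report["modified"].append(rel)            # e.g. links appended to index.php
    return report


def demo():
    """Audit two small constructed trees (not real WordPress files)."""
    tmp = tempfile.mkdtemp()
    clean, live = os.path.join(tmp, "clean"), os.path.join(tmp, "live")
    base = {"index.php": b"<?php /* constructed */\n", "wp-includes/version.php": b"<?php\n"}
    added = {"wp-content/themes/custom/old.php": b"<?php /* constructed leftover */\n"}
    for root, files in ((clean, base), (live, {**base, **added})):
        for rel, body in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(body)
    with open(os.path.join(live, "index.php"), "ab") as f:
        f.write(b"<a href='http://spam.example/'>constructed hidden link</a>\n")
    os.chmod(os.path.join(live, "wp-includes"), 0o777)
    return audit(live, clean)
```

On a real site, call `audit()` with the document root and a freshly unpacked archive of the installed version; themes, plugins and uploads will appear under `extra` and need to be reviewed by hand.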
