
Hacked By Magic Include Shell 3.3.3 (8 posts)

  1. kylecor42
    Member
    Posted 1 year ago #

    Early last week we upgraded my WordPress site to the latest version. Before there were no particular problems, but as soon as we upgraded, I began to receive about triple the amount of spam comments, and for the first time, I was receiving numerous pingbacks from other WordPress sites clearly set up by spammers.

    Yesterday I logged in to my dashboard and went to delete the spam comments. As soon as I click an action (ie mark as spam), all the links on the whole WordPress dashboard turn green, and the action will not go through.

    Furthermore when I try to post a blog, it will allow me to begin composing, but then if I try to Save Draft or after a certain period, it will take me to what looks like a PHP editing screen that is titled "Magic Include Shell 3.3.3". Also if I try to log out, it takes me to the same screen.

    Per this thread...

    http://wordpress.org/support/topic/cant-postedit-requesting-authentication-magic

    ...I downloaded brand new root files from WordPress, and replaced ALL of them in my root file except the wp-config file, meaning the whole wp-admin and wp-includes files, as well as all the other individual files in the root folder. It had no effect.

    Help. Please.

  2. James
    Happiness Engineer
    Posted 1 year ago #

    Try deactivating all plugins. If that resolves the issue, reactivate each one individually until you find the cause.

    If that does not resolve the issue, try switching to the Default theme (WordPress 2.9) or the Twenty Ten theme (WordPress 3.0) to rule-out a theme-specific issue (theme functions can interfere with the admin panel).

  3. kylecor42
    Member
    Posted 1 year ago #

    Thank you for the help.

    Already tried that per another Magic Include Shell solution I found, but any time I click to change a plugin, it takes me to the "Magic Include Shell 3.3.3" PHP-editor-looking screen. I tried changing them individually, as a bulk action, using a different browser, and nothing worked.

    Pretty much any time I get to the point of being able to change content on the site in any way, it takes me to the Magic Include Shell screen.

  4. kylecor42
    Member
    Posted 1 year ago #

    Oh, and I don't think this is theme-compatibility related. Though I did just upgrade, I didn't experience this problem until about a week later. I suggested to the guy that helps me with the back end that we do a downgrade. He's not too excited about that idea. The reason we upgraded was supposed to be to defend us better from hacks.

  5. esmi
    Theme Diva & Forum Moderator
    Posted 1 year ago #

    Try resetting the plugins folder by FTP or phpMyAdmin.

    And your web guy is right - upgrading to the latest version is the best security against future hacks.

  6. kylecor42
    Member
    Posted 1 year ago #

    Thanks Esmi,

    Ok, I followed the instructions to manually disable the plugins. After making a plugins.hold folder thru FTP, I went into the administration dashboard, and under "Plugins" it said they were all disabled. Then I renamed the plugin file through FTP.

    Still did not solve the problem. Nothing's changed.

    "And your web guy is right - upgrading to the latest version is the best security against future hacks."

    Ironically in 2 1/2 years I never had one problem. A week after upgrading my spam triples and I get hacked.

  7. esmi
    Theme Diva & Forum Moderator
    Posted 1 year ago #

  8. moongoose
    Member
    Posted 1 year ago #

    Another security tip: Do NOT download WordPress themes found via an Internet search (ie some site other than wordpress.org). I did that and one of them had the Magic Include Shell hack in the comments.php file. So, if you are having issues with Magic Include Shell, you may have it in your theme files, so be sure to search on those files for those words. No one seems to mention this as a potential source of the attack. You may have uploaded your theme two years ago, then the hacker finally discovers that you have left the backdoor open for them and starts to exploit it.
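
The search suggested in the last post (look through theme files for the words "Magic Include Shell"), as an added example that is not part of the original thread: a Python scan of a theme or plugin tree for that banner plus two assumed, commonly seen PHP backdoor idioms. The rule names, the `scan_tree` and `demo` functions and the sample theme are constructed for illustration.

```python
import os
import re
import tempfile

# "shell-banner" is the string named in the thread. The other two rules are
# assumed, commonly seen PHP backdoor idioms: hints for manual review, not proof.
RULES = {
    "shell-banner": re.compile(rb"Magic\s+Include\s+Shell", re.I),
    "eval-decode": re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "include-from-request": re.compile(
        rb"(include|require)(_once)?\s*\(?\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
}
PHP_EXT = (".php", ".phtml", ".inc")

def scan_tree(root):
    """Return sorted (relative_path, line_no, rule) hits for PHP files under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:  # bytes: theme files vary in encoding
                    lines = fh.read().splitlines()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            for no, line in enumerate(lines, 1):
                for rule, rx in RULES.items():
                    if rx.search(line):
                        hits.append((os.path.relpath(path, root), no, rule))
    return sorted(hits)

def demo():
    """Scan a constructed sample theme written to a temporary directory."""
    samples = {  # constructed file contents, never executed
        "index.php": b"<?php get_header(); ?>\n",
        "comments.php": b"<?php\n// Magic Include Shell 3.3.3\n@include($_GET['p']);\n",
    }
    with tempfile.TemporaryDirectory() as root:
        theme = os.path.join(root, "themes", "sample-theme")
        os.makedirs(theme)
        for name, data in samples.items():
            with open(os.path.join(theme, name), "wb") as fh:
                fh.write(data)
        return scan_tree(root)

if __name__ == "__main__":
    for rel, no, rule in demo():
        print(f"{rel}:{no}: {rule}")
```

Run `scan_tree` against a downloaded copy of the site's wp-content directory; a file with no hits is not thereby clean, since only files with the listed PHP extensions are read.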

Topic Closed

This topic has been closed to new replies.
