WordPress.org

Ready to get started?Download WordPress

Forums

Hacked - Looking for suggestions! (3 posts)

  1. cleck673
    Member
    Posted 1 year ago #

    Hello All!

    I'm in better spirits than this morning, but I still haven't resolved my problems. I have read and read today, followed links, etc... I still can't find where this is happening so I am reaching out for suggestions. Thanks!

    I will preface what I know with admitting what I didn't do. I had several out of date plugins, a slightly out of date WP version, and a out of date theme.

    I will also mention something really weird. The website that this hack redirects to has a domain I used to own on the same subject as a referral. Related? Not sure. I did go into the SQL DB and changed all stray references to that site (my old domain) to the current domain. The site in question is not the same site that I hosted on that domain, but I am using the same theme and some of the old content.

    This site has been chugging along smoothly for 6 months.

    This morning, I got an email and when I checked it out, I saw the same thing. What is happening is random pages, single posts, search, etc are loading up and a second later, redirecting to a p0rn site.

    I have done the follow so far but I am on a laptop with a slow connection so I can't really dig in until I get home in a few hours.

    • I have done a search in the SQL DB for the domain that it's redirecting to as well as my old domain. Didn't really find anything other than mentions of my old domain. I also searched for some things mention in some really helpful posts I read here earlier today. No luck.
    • I disabled all plugins, nothing.
    • I updated timthumb, still hacked.
    • I then changed theme to one of WordPress' default themes and I not getting redirects now. Good News! :) That said, I assumed the theme I am using has been hacked and I went through every file that I can access via wp-admin (in the edit theme area) and didn't see anything out of the ordinary.
    • I decided to download an updated version of the theme and move to it and redo all the custimization I had done later. I put the new theme in a new directory and treated it as a new theme with all new files. I activated it and got the same thing. It wasn't a file apparently.

    Maybe there is something that this particular theme calls from the SQL DB that is in common between the old and new versions of this theme?

    The website that I am being redirected to is: searchremagnified(dot)com

    Does anyone have any suggestions?

  2. If you're site has been hacked, you'll need to look at these links:

    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

    http://sitecheck.sucuri.net/scanner/

    also, you mentioned getting a fresh copy of the theme. Where are you getting this theme? If it's not from the WordPress repo it might be the culprit. A lot of free themes out there, come loaded with viruses and malware.

  3. The Hack Repair Guy
    Member
    Posted 1 year ago #

    Replacing the theme or plugins may not be enough. Sadly, nowadays it's rare for hackers to not leave back door scripts in place (allowing hacker to hack your site again in future).

    For this reason, you'll need to review every PHP file on your website respectively to ensure none are out of place or were installed by hacker as well.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags