Posted 1 year ago #
One of my sites, http://www.lackawannaastronomicalsociety.org, looks like it may have been hacked. If you scan down to the bottom of the page you will see a number of links. They bring you to a bunch of randomness. Each is labeled as a .php.
Any ides?
Thanks in advance.
Posted 1 year ago #
Looks like someone decided to do some naughty SEO on your site by hacking it O.o ... it looks like its just in your footer, just go into that file and delete everything after </html> and it should go.
Then change all your log in info for the server if you can.
Posted 1 year ago #
and then you need to find out where the actual problem lies. Here's some good reading. If you don't find out how you were hacked, it'll just keep happening
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://ocaoimh.ie/did-your-wordpress-site-get-hacked/
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://www.snipe.net/2010/01/when-wordpress-gets-hacked/
My Experiences with being hacked:
http://www.rvoodoo.com/2010/02/the-dreaded-base64-wordpress-hack-and-other-hacks-too/
And when you're done:
http://codex.wordpress.org/Hardening_WordPress
Posted 1 year ago #
Thanks.
I looked through the footer file in my theme, but couldn't find anything after the </HTML>.
Is there any other place the code could be hiding?
In the themes root folder I did find an index.php file with the contents...
<?php
// Silence is golden.
?>
Could this have something to do with it?
Posted 1 year ago #
Ohhh k, This is the poblem with your footer. You can edit the links from footer.php file. You can edit the file from your WordPress admin panel.
If you are using the free design, then it may be sponsorers which you are not allowed to remove. I you do so, your wordpress theme will stop working.
One more thing, is are the links at the footer strange or you already know the links and are in your site branch?
Posted 1 year ago #
The code could be generated through a different file, if you aren't seeing anything in your footer. The links above should give you a clue on how to find the file. Sometimes js or php files can be snuck onto your server which will insert links
Posted 1 year ago #
Are you sure that your site has been hacked?
Posted 1 year ago #
Still having trouble finding the hack. The below is in the footer file.
<!-- Footer -->
<td id="footer" colspan="<?php echo $cols; ?>">
<p>
<?php echo bfa_footer($bfa_ata_footer_style_content); ?>
</p>
<?php if ($bfa_ata_footer_show_queries == "Yes - visible") { ?>
<p>
<?php echo $wpdb->num_queries; ?><?php _e(' queries. ','atahualpa'); ?><?php timer_stop(1); ?><?php _e(' seconds.','atahualpa'); ?>
</p>
<?php } ?>
<?php if ($bfa_ata_footer_show_queries == "Yes - in source code") { ?>
<!--
<?php echo $wpdb->num_queries; ?><?php _e(' queries. ','atahualpa'); ?><?php timer_stop(1); ?><?php _e(' seconds.','atahualpa'); ?>
-->
<?php } ?>
<?php wp_footer(); ?>
</td>
<!-- / Footer -->
Posted 1 year ago #
or in my main index.php, does this look right?
<?php
/**
* Front to the WordPress application. This file doesn't do anything, but loads
* wp-blog-header.php which does and tells WordPress to load the theme.
*
* @package WordPress
*/
/**
* Tells WordPress to load the WordPress theme and output it.
*
* @var bool
*/
define('WP_USE_THEMES', true);
/** Loads the WordPress Environment and Template */
require('./wp-blog-header.php');
?>
Posted 1 year ago #
I noticed that my index.php file was edited on 8-2. The first day I noticed the problem. The above post has everything inside the index.php file.
Posted 1 year ago #
Nevermind. Stupid mistake. It was below the fold of my index.php. Now I just have to get rid of it.
Hmm. Even after I manually remove it and save the file, it reappears. Still working on it.
Posted 1 year ago #
Fixed.
This topic has been closed to new replies.
