WordPress.org

Ready to get started?Download WordPress

Forums

Hacked - Twice (12 posts)

  1. mac1205
    Member
    Posted 6 years ago #

    Recently on two of my sites I have been hacked.
    world-importing and another (one which isn't even "released" yet).
    the world-importing.com website has now been upgraded and all files deleted and re-uploaded . Though I believe the issue should be fixed it's not.
    visit world-importing.com and it still attempts to redirect to the hackers website. My knowledge of coding is pretty limited so all my attempts at searching through each file for a line with a redirect script to the website has been futile and seeing as i reuploaded all the files it can't be from there.

    I really don't know where to go and if people could re-iterate exactly what files need to have permissions and what not that would be useful for me once this problem is solved.

    This is becoming increasingly frustrating... another question is that I think someone is posting my websites on hacking forums/newsgroups to get revenge . Hence the 4 attacks in a short space of time. Is there anyway I could verify this or find out why all of a sudden the hackers are trying to get at me... All help is appreciated , greatly.

  2. mac1205
    Member
    Posted 6 years ago #

    To further this , I have just found that nothing has changed since the deleting/uploading of the new files/ upgrade. Today/Tomorrow are very important days for my blog with information regarding legal action against the site being shown to readers as well as an updated skin/site expansion. I feel extremly downheartened.

  3. whooami
    Member
    Posted 6 years ago #

    Though I believe the issue should be fixed it's not.

    My knowledge of coding is pretty limited so all my attempts at searching through each file for a line with a redirect script to the website has been futile and seeing as i reuploaded all the files it can't be from there.

    you would be surprised where ppl hide things. I found malicious code in a guys wp-settings.php, once .. They also like to use javascript encoding to hide things.

    If you want, zip up all of your WordPress files, including the config, (you can xxx out anything that you dont want me to see) and I'll happily find the 'evil code' for you.

    send it off in a zip to :

    whoo AT (remove all of this please) village-idiot.org

  4. Dgold
    Member
    Posted 6 years ago #

    that is awesome whooami
    I don't know how you do it but that is neat if you can find it like that

    good luck MacNumbers

    p.s. from what I've been told you need the permissions (chmod) 644 on files, others can tell you more, also check the Codex under "Hardening WordPress"

  5. whooami
    Member
    Posted 6 years ago #

    Check your e-mail Mike .. its in your database..

    you will need to find that link, its been added to your blogroll.

    then you need to change ALL your passwords

    then you need to upgrade to 2.2.1

    2.1.x is not a secure version of WP to be using

    I'm off for a while but if you need anything just give me a shout.

  6. whooami
    Member
    Posted 6 years ago #

    actually, scratch that, I fixed it for you..

    this is what I did:

    your main page redirects, so what you do is go straight to your wp-login.php ..

    I logged in, went into your blogroll and deleted the link.

    See image here:

    http://www.village-idiot.org/broke/mike.gif

    now, I also noticed that that says your running 2.2.1 however the version.php that I saw in your rar said you running 2.1.3

    I hope that you are doing the upgrade and thats why I see a different version :)

  7. mac1205
    Member
    Posted 6 years ago #

    Hey , Just emailed you and the problem isn't really solved. Some of the links in my admin still redirect to the hackers page . I can't seem to find any code in the actual files .

    Regards and thanks alot for helping.

  8. Cornell_Finch
    Member
    Posted 6 years ago #

    Did you upgrade all your files to 2.2.1 as Whooami suggested in a previous post?

    Replacing all the files will reset the settings in your admin to their default locations.

    Did you also change all your passwords (including your FTP one)?

  9. mac1205
    Member
    Posted 6 years ago #

    Yes I did. It hasnt been rehacked this is from yesterday . It's when I click on Users in the admin panel , it loads the page and redirects it straight after to the hackers page. I think they have inserted something into the database...

    I have also found out how they got access. Via the upload folder perhaps the permissions weren't set correctly. ... This is so stressful.

  10. mac1205
    Member
    Posted 6 years ago #

    Pffffffffffffff. Finally got access to mysql and sorted out all the redirection scripts he had inserted into the database. thanks everyone for the help you have given me.

    I now need to know exactly what folders need permissions and which ones dont.

    Regards
    Mike

  11. whooami
    Member
    Posted 6 years ago #

    I now need to know exactly what folders need permissions and which ones dont.

    safe (for the most part) and sane:

    directories: 755
    files: 644

    that WILL prevent you from using the inline uploader and the theme editor.

  12. MrBig
    Member
    Posted 6 years ago #

    i had the same problem then i crated a new MSQL User and deleted the old one.

Topic Closed

This topic has been closed to new replies.

About this Topic