Hacked WordPress

(@davidvene)

Hi, I’m new around here but I’ve been working with wordpress for a while now and this is the first time I see something like this…

The warning became from Google after several suspensions of an adwords campaigns due to a problem with the url. I didn’t understand at the beginning but after I saw the source code of the wordpress website I understood that the website was hacked.

Here is a part of the code that I found just above the header:

[ Moderator Note: Please post code or markup snippets between backticks or use the code button. ]

<div style='text-indent:-9999em'><a href="http://www.homedepotcoupons.org" rel="follow">Home Depot Coupon Codes 2012</a> <a href="http://www.lexapro-side-effects.org" rel="follow">Lexapro Side Effects</a> <a href="http://www.couponstocks.com/office-depot-coupons/" rel="follow">Office Depot Coupons</a> <a href="http://www.jcpenney-coupons.org" rel="follow">JCPenney Coupons</a> <a href="http://www.pizza-hutcoupons.com" rel="follow">Pizza Hut Coupons</a> <a href="http://www.bigbrotheralbania6.org" rel="follow">Big Brother Albania 6</a> <a href="http://muzikshqip.shtypidites.com" rel="follow">muzik shqip</a> <a href="http://www.citalopramside-effects.org" rel="follow">Citalopram Side Effects</a> <a href="http://www.joann-fabrics-coupons.org" rel="follow">Joann Fabrics Coupons</a> <a href="http://www.neurontin-side-effects.com" rel="follow">Neurontin Side Effects</a> <a href="http://horoskopi.shtypidites.com" rel="follow">Horoskopi</a> <a href="http://www.couponstocks.com/walmart-coupons/" rel="follow">Walmart Coupons</a> <a href="http://www.iatenololsideeffects.com" rel="follow">Atenolol Side Effects</a> <a href="http://hostgatorcoupon.clickwebhosting.com" rel="follow">hostgator coupons</a> <a href="http://www.couponstocks.com/kohls-coupons/" rel="follow">kohls coupons</a> <a href="http://www.couponstocks.com/bed-bath-and-beyond-coupon" rel="follow">bed bath and beyond coupon</a> </div><!-- start header --><!DOCTYPE html>
<!--[if IE 8 ]><html class="ie ie8 no-js" dir="ltr" lang="en-US"> <![endif]-->
<!--[if (gte IE 9)|!(IE)]><!--><html class="no-js" dir="ltr" lang="en-US"> <!--<![endif]-->
<head>

Please I need help to erase that from the site, I already took security measures but really don’t know where to look at to delete that code.

Thanks in advance.

David

Viewing 4 replies - 1 through 4 (of 4 total)

Moderator Jan Dembowski
(@jdembowski)

Forum Moderator and Brute Squad

11 years, 6 months ago

We really need a link to your site. This has happened to other people and it could be your are hacked or it could be you’ve gotten a theme from some really unscrupulous people.

If it is a hack:

You need to start working your way through these resources:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
http://codex.wordpress.org/Hardening_WordPress
http://www.studiopress.com/tips/wordpress-site-security.htm

iq120
(@iq120)

11 years, 6 months ago

hi there
i have the same issue on my website iq120.org
is there any solution?

barkahsaptadi
(@barkahsaptadi)

11 years, 6 months ago

try this

go to your wp-login.php open and delete the last code :

here’s code injection in my site :
[Code moderated. Please do not post hack code blocks in the forums. Please use the pastebin]

thats work.

esmi
(@esmi)

11 years, 6 months ago

That is nowhere near enough! You need to follow all of the links posted above.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Hacked WordPress’ is closed to new replies.

Hacked WordPress

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics