WordPress.org

Ready to get started?Download WordPress

Forums

HACKER? (16 posts)

  1. Tanci
    Member
    Posted 2 years ago #

    Please help!! I haven´t logged in in my blog for about 3 days. When I finally log in I see a red "warning" screan and it says that my blog may have been hacked or someone has put in some kind of virus in it. Everything in my design is upside down now. What can i do? The webpage that alerts me about this virus mentiones a link that made the problems. Please help I want my design to be ok again. Everithing was fine for about 2 days ago and now everything is upside down. My blog is http://www.beautybytanci.se

  2. JarretC
    Member
    Posted 2 years ago #

    Have you looked over http://codex.wordpress.org/FAQ_My_site_was_hacked?

    That has some good tips.

    Are you using a shared host for your website? Or using a VPS/Dedicated server? If using a shared host the server your site on could have been compromised and that is how access to your site was gained.

    It also could have been an outdated plugin that you were using that had a vulnerability or if you were using an outdated version of WordPress( latest is 3.3.1 ).

    If you aren't sure how to FTP into your server and going through code I'd recommending looking for a developer that can assist you with helping you fix your site.

  3. Tanci
    Member
    Posted 2 years ago #

    Thank you for your quick reply. I have made a update and have 3,3,1.

    I am not good at this blog or code things. I Only know how to post something and how to blog. But nothing about the codes.

    I have made a scan and it says that this is the infection. http://www.j4v4.kit.net/java.js
    It says that it has infected the javascript. Do you have any clues how I can remove it?

    I really dont understand how my blog can look good If I look at it with google chrome but when I look at it with explorer it is a mess. This is what I need help with. How do I restore it so it looks good. I haven´t touched ANYTHIGN in my codes so I haven´t made that mess.So that is why I think that this is strange that everything messes up like this:(.

    a big thank you in advance.

  4. JarretC
    Member
    Posted 2 years ago #

    You most likely can remove the infection by editing files in your theme that are including it. It's hard to say where exactly the infection is located so you'd have to download your theme files and then run a search through them to find that particular filename.

    It could have also been a plugin that was uploaded to your site by the hacker and inserts the infection into your theme so that even if you looked in your theme files you wouldn't see it.

    If you don't have any experience with using FTP or if you don't know much about PHP I would recommend looking for a developer to help assist you with your problem.

  5. learningmore
    Member
    Posted 2 years ago #

    JarretC, how are the hackers uploading plugins to our website if it isn't vulnerable in the first place?

    Also, what would we be searching for in the javascript of the theme files? I've heard people saying to search for binary code, but normally it is written like normal code. I've also heard others saying the theme could be modified to reference external .js files from other websites.

    When I was hacked, when I opened the index.php files, they looked normal in a text editor until I opened it in a raw text viewer.. then I saw the binary code at the top which google was translating.

    Does WordPress have any other up to date methods of securing the site other than "change your password, update wordpress, maybe use SSL if you can get the server configured"?

  6. Pankaj Pandey
    Member
    Posted 2 years ago #

    install Theme authenticity checker. also i suggest review all your file and check modified date through ftp. Delete others theme which you are not using. I also suggest delete plugins which you are not using. Us e a backup tool to backup DB.

  7. learningmore
    Member
    Posted 2 years ago #

    Thanks for your response! So the main way we are getting hacked is through Themes? I was hacked by a feature or an image resized INSIDE a theme. Is there some way to tell what themes will be modifying my secure install- such as, are theme plugins allowed to make directories writable?

    I would think it would take a LONG time to navigate through all the directories to compare the dates to see if they have been modified recently. Is that what you do, or do you have an application to check modified dates? I've found external site services that offer the option to check my site for modifications but they cost more money than I am willing to spend.

  8. Tanci
    Member
    Posted 2 years ago #

    MAybe this has not anything to do with my screwed up desing but maybe for a month i had new theme updates (twenty eleven, and some more). I haven´t made an update because I was afraid that every modification "design" will be deleted and back to square one.

    What do you think? Can it be the reason why my blog lookes like that with internet explorer? Because I have not made the update? Or is it because of that "hacker" or infection http://www.j4v4.kit.net/java.js
    that is mentioned on a "red warning page" when i try to enter my blog.

    Will everything dissapar if I make update on my theme?

  9. Pankaj Pandey
    Member
    Posted 2 years ago #

    did you identified the plugin name? also i want to know which hosting you are using. do you have some other website on same hosting account?

  10. learningmore
    Member
    Posted 2 years ago #

    Tanci,

    So you have modified the actual Theme pages themselves?

    Yes, I would think when the theme is updated your files would be overwritten. I may be incorrect and I'll let others chime in. I didn't see anything on the Theme Development page. It seems there is a Lesson in Customizing Template Files, but the anchor link just brings you to a general guide about modifying themes, but not a step by step lesson.

  11. Pankaj Pandey
    Member
    Posted 2 years ago #

    I strongly suggest all twenty eleven user to make a child theme and do modification. yes you may loose your customization if you did in theme code.

    Take a local backup of your current theme so you can do the changes at new theme. or you can easily modify and use your current theme as child theme of latest twenty eleven. you only need to keep the file which you modified.

  12. Tanci
    Member
    Posted 2 years ago #

    I haven´t identified anything by my self. Yesterday I tried to enter the front page of my blog (using internet explorer) and there was a red WARNING page that said that this link; http://www.j4v4.kit.net/java.js
    was infecting my blog and that it was maybe a hacker or a bug that somebody planted in my blog. And it warned that this could harm other computers when they try to enter my blog. Also when I recieved this warning I tried to enter my blog with google chrome and everything looked god (the design). But then I tried again with Internet Explorer and it looked messy again.

    This is not soo good because I Have about 15 000 readers/month. :( and I hope that they wont get any infection from me.

    I dont know anything about codes or designing (a friend made my design) I stayed up all night trying to find that code in my "blog codes" but didn´t find anything. I found a "pay for scan and cleaning" that is called Sucuri SiteCheck website and I did a scan for free and it also find that the same code was the trouble. http://www.j4v4.kit.net/java.js. It calls it for "malware". And that I have to pay to have it removed. But it costs a loot.

  13. Tanci
    Member
    Posted 2 years ago #

    Hi everyone. You are so nice for trying to help me. Big thanks in advance. No I havent done any modifications by my self because I´m a "dummie" when it comes to codes and desing. So I never change anything by myself in the codes. I only install plugins and update WordPress to 3,3,1. I haven´t made any "theme updates". I have read about that you can make a modification in the "child themes" but I have no idea what they are. Really,,, i have nooo education in coding.

    Now..i just want to make my blog look normal again. I´m sooo angry because I never touch anyhing in the codes and they get screwed up by them selfes.

    Maybe it is that "hacker" thing that happened:S. I really don´t know. But the strange thing for me is that if my codes were screwed up...then my blog would look screwed up "everywhere". But in google chrome it looks perfect. How can that be?

  14. Pankaj Pandey
    Member
    Posted 2 years ago #

    if you not made any changes i can suggest you can upgrade your theme.

  15. Tanci
    Member
    Posted 2 years ago #

    DO you think that this is a very difficult thing to fix? My screwed up design? Do you have any clues why it looks bad with "internet explorer" but it looks normal with "google chrome"? If my codes were screwed up...wouldn´t it then look bad EVERYWHERE?? And not just with internet explorer?

  16. Roy
    Member
    Posted 2 years ago #

    People, start here. Read it carefully and follow all the links that this article gives (especially under read some good blog posts). Also read that carefully and try the suggestions.
    http://codex.wordpress.org/FAQ_My_site_was_hacked

    There is no easy way to clean up. It is often easy to patch though. Just delete all files except wp-config.php and upload fresh copies. This might make things look good again, but if the hacker knows your password or you still use the badly coded plugin that was used in the first place, you'll be hacked again in no time.

    Clean up thoroughly, not rapidly! When you're sure you're clean again, read this:
    http://codex.wordpress.org/Hardening_WordPress

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags