WordPress › Support » holasionweb.com virus

krimkus
Member
Posted 2 years ago #

Hello,

Being a Mac user, I am not familiar with viruses other than what I hear Windows users complain about, so I'm not sure how my blog at http://motherrimmy.com has been hacked, but after reading a few blog posts on WordPress Trojans and viruses I was able to see this code when I viewed the source code of my website.

At the very end of the code is a script that loads a this holasionweb.com.

I thought I could just edit the code from the footer of my theme, but I can't find it.

GoDaddy is doing some research on their end to see if they have a problem.

The antivirus plugin I downloaded doesn't find a permalink backdoor problem.

I hope someone can help me.

Thank you,

Kristi
esmi
Theme Diva & Forum Moderator
Posted 2 years ago #

http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottodestruct.com/blog/2009/hacked-wordpress-backdoors/
encomix
Member
Posted 2 years ago #

I'm glad to find this post. I read through various twitter accounts that this has been happening all day. Two of my sites are down. :(
swytch
Member
Posted 2 years ago #

I am encountering the same issues with a client's blog. This is the 3rd attack - each time I attempted to restore/replace the files with my original versions. This, I thought, corrected the issue but apparently not as this is the 3rd incident (each time from a different malicious IP/domain but same exploit, eval code type). I have been researching for hours and applying suggestions but with no avail. I have a feeling there is some sort of backdoor which I am missing.

Can anyone advise a solid solution?
Thx :)
esmi
Theme Diva & Forum Moderator
Posted 2 years ago #

http://ottodestruct.com/blog/2009/hacked-wordpress-backdoors/
anneonline
Member
Posted 2 years ago #

I started having issues today [am with GoDaddy, too] and just found notice this was loading as well. {sigh}
sassafrasa
Member
Posted 2 years ago #

i just loaded my site and got this problem as well :(
cowbelly
Member
Posted 2 years ago #

I so feel for all of you guys.

My blog has been hit twice in the last week, the 2nd time this morning.

Last Friday it was by the zettapetta virus, and this morning by the holasionweb.

I did everything swytch did above, and it didn't work- everything was still completely screwed up, especially the admin. I was nearly suicidal by the time I fixed it last week.

I had deleted all of the files, did a new install of the latest WP version, checked every folder and every main php file, and my blog was still fubared.

BUT, the good (of not great) news is there is a fix, and one that is quick, easy and works really well.

If you use GoDaddy that is, but I suspect that you'd be able to do this with other hosts too if you just contact their tech support and ask them how.

What you need to do is a restore to history in your hosting control panel. Why, in the several times I talked to GoDaddy, they didn't recommend this process (instead just repeating- you must upgrade your WP version- as if it's a WP fault- it's not!!), is beyond me.

I just wrote a loooong post on my blog about how to (successfully) fix it using the GoDaddy restore to history. (But don't worry- the process itself will only take about 15 minutes!)

here is the link to my blog post:

http://www.cowbellyblog.com/2010/05/12/the-best-way-to-remove-malware-from-a-wordpress-blog-using-godaddy/

And if I ever, ever, catch someone writing, or using, malware code, I swear to god I will pour gasoline on them and light them on fire. I am that angry about this. Which is why I'm now trawling the internet trying to help other people. I went through hell and hopefully you won't have to too.

Comment back here if the restore to history worked for you!!
mtbello
Member
Posted 2 years ago #

I had the same issue with one of my sites today. I wish I had read Cowbelly's post prior to my work this evening. After talking with GoDaddy, I reinstalled WordPress, including all of my plugin files, put my saved copy of my theme back (always have a copy on your computer), and cleared the cache and cookies. It worked, but took a while to do.

Is it just me or is 2.9.2 prone to hacks? I hope security in 3.0 is a higher priority.
pundito
Member
Posted 2 years ago #

Daniel Ansari posted a script that I just used on two of might sites that were infected and it worked beautifully:
http://www.danielansari.com/wordpress/2010/05/holasionwebcom/
jeffrev01
Member
Posted 2 years ago #

pundito, thanks for the link to Daniel Ansari's script. It was just the ticket for getting rid of this nasty malware hack on my blog. If anyone else is having problems with the holasionweb.com code, give this a try and see if it doesn't work for you too.
seekthat
Member
Posted 2 years ago #

I found this awesome solution and it worked extemely fast and easy for me, just read it here on my blog at Tintation.com
Also, pundito has the link that I talked about in my article.
sassafrasa
Member
Posted 2 years ago #

Hi guys, I used the fix from sucuri.net. However, whenever I try to make a new post, the page is all scrambled up. I replaced wp-admin already and it didn't work out. Help please? Thank you.
sassafrasa
Member
Posted 2 years ago #

cowbelly - your history restore method is the one which saved my website. thanks :)
blockbot
Member
Posted 2 years ago #

Daniel Ansari posted a script that I just used on two of might sites that were infected and it worked beautifully:
http://www.danielansari.com/wordpress/2010/05/holasionwebcom/

This fixed it for me
JSDavis82
Member
Posted 2 years ago #

Excellent! Daniel Ansari's script worked for me!

Topic Closed

This topic has been closed to new replies.

WordPress.org

Forums

[resolved] holasionweb.com virus (16 posts)

Topic Closed

About this Topic

Tags

Code is Poetry