WordPress.org

Ready to get started?Download WordPress

Forums

Howe did someone hack into my header.php??? (6 posts)

  1. Mike Logan
    Member
    Posted 1 year ago #

    Went to put up a link to my site on Facebook in a comment box, and it brought up the site but all the text describing the site had all this viagra advertising and such in it. So, I go check out my header.php and someone has injected the following right before the <body> tag:

    [ Spam links and code removed, no need to copy that here ]

    How the heck they they do this...this makes me very unhappy and raises a security question with wordpress for I always change the password on a regular basis for admin login??? Any ideas????

    peace out,
    DL

  2. Mike Logan
    Member
    Posted 1 year ago #

    Ok...I have most of it all cleaned up and all the passwords changed and when I run the scan it shows only one instance of it left and I don't know how to find it??? For the most part they put it in my header.php file so I just replaced that with a backed up version and that cleared that up, but it seems as thought they snuck the code into a language file somewhere and I can not find it...it would be the Italian language file I think because the URL that returns as still infected looks like this:

    http://www.mysite.com/?gtlang=it

    Please someone tell me where that file would be? I have looked everywhere on the server and cannot find any language files or folder. Using version 3.5

    Thanks again\\peace out,
    DL

  3. Mike Logan
    Member
    Posted 1 year ago #

    Also, how long is it going to take the search engines to crawl my site again so that description of the site the hacker(s) put in will go away???

    (they hid it in the head section and all the search engines sucked it right in)

    peace out,
    DL

  4. Mike Logan
    Member
    Posted 1 year ago #

    Ok...I am now assuming the link I provided above is not actually a file but rather a url after using a "translator service?" I think the last part means something like gt (either google translator OR global translator" and naturally the lang=it means it is translating to Italian.

    Now, I do have a translator plugin on my site (Global Translator). I went and clicked on it to use it from the front page of the site and when I do that and then view the source, I see the spam is back in the html output? So I figured someone must of hacked through the translator plugin but when I view all the php files in the plugin folder, none of them have been altered and I even ran a "find" in each file to look for the snipet of js and none was found. So, now that you guys know this, do you have any ideas on how to find how that code is getting in?

    Thanks

    peace out,
    DL

  5. vraghav
    Member
    Posted 1 year ago #

    EDIT: I was trying to open a thread and accidentally posted here.

    Hi

    I've a created wordpress membership site using wishlist member plugin. But I want to have different header.php based on different logins.
    Eg: Users are: Print, Web and Free

    When Free user logs in - I want header1.php to load
    When Print user logs in - I want header2.php to load
    When Web user logs in - I want header3.php to load

    If nobody has logged in the default header.php stays.

    Please assist on how to do this.

    Regards,
    Raghav.

Topic Closed

This topic has been closed to new replies.

About this Topic