WordPress.org

Ready to get started?Download WordPress

Forums

index.php hacked : all sorts of viagra/cialis links (6 posts)

  1. nolageek
    Member
    Posted 7 years ago #

    Scanned the forums but didn't see anyhting about this...

    Today, a client of mine called and said that his site was down. I was getting this error message:

    Parse error: syntax error, unexpected '<' in /home/ohdog02/public_html/index.php on line 5

    Upon opening index.php in the root, I see this:

    <?php
    /* Short and sweet */
    define('WP_USE_THEMES', true);
    require('./wordpress/wp-blog-header.php');
    <div style="overflow:auto; visibility:hidden; height: 1px; "><a href="http://www.uvm.edu/~scarter/Untitled_24/ind0.html">cheapest generic cialis</a>|<a href="http://www.uvm.edu/~scarter/Untitled_24/ind1.html">cialis compare levitra cialis</a>|<a href="http://www.uvm.edu/~scarter/Untitled_24/ind10.html">cialis versus cialis</a>|<a href="http://www.loyno.edu/~edgros/images/ind11.html">generic cialis</a>|<a href="http://www.loyno.edu/~edgros/images/ind12.html">buy cheap generic cialis</a>|<a href="http://www.loyno.edu/~edgros/images/ind13.html">cialis sales uk</a>|<a href="http://campuscgi.princeton.edu/~pressman/.tmp/ind14.html">buy cialis now</a>|<a href="http://campuscgi.princeton.edu/~pressman/.tmp/ind15.html">buy cialis online</a>|<a href="http://campuscgi.princeton.edu/~pressman/.tmp/ind16.html">cialis online</a>|<a href="http://www.umbc.edu/staffawards/ind17.html">buy online order cialis</a><a href="http://www.umbc.edu/staffawards/ind18.html">online cialis buy</a>|<a href="http://www.umbc.edu/staffawards/ind19.html">buy cialis online</a>|<a href="http://informatica.cecyteh.edu.mx/EXPO/ind2.html">brand name cialis</a>|<a href="http://informatica.cecyteh.edu.mx/EXPO/ind20.html">levitra vs cialis</a>|<a href="http://informatica.cecyteh.edu.mx/EXPO/ind21.html">cialis tablet</a>|<a href="http://www.mc.edu/campus/images/ind22.html">low price cialis</a>|<a href="http://www.mc.edu/campus/images/ind23.html">cialis generic cialis</a>|<a href="http://www.mc.edu/campus/images/ind24.html">cialis cost</a>|<a href="http://ftp.gces.ylc.edu.tw/albums/album01/ind25.html">cialis online pharmacy</a>|<a href="http://ftp.gces.ylc.edu.tw/albums/album01/ind26.html">cialis best buy</a>|<a href="http://ftp.gces.ylc.edu.tw/albums/album01/ind27.html">drug cialis</a>|<a href="http://stphilomenasmoree.nsw.edu.au/calendar/includes/ind28.html">buying cialis online</a>|<a href="http://stphilomenasmoree.nsw.edu.au/calendar/includes/ind29.html">low cost cialis</a>|<a href="http://stphilomenasmoree.nsw.edu.au/calendar/includes/ind3.html">cialis pharmacy</a>|<a href="http://www.tlgc.edu.hk/academic/ind30.html">generic cialis online</a>|<a href="http://tsofaq.cc.gatech.edu/pdf/ind31.html">cialis prescription online</a>|<a href="http://tsofaq.cc.gatech.edu/pdf/ind32.html">buy low price cialis</a>|<a href="http://tsofaq.cc.gatech.edu/pdf/ind33.html">buy generic cialis</a></div>
    ?>

    Where did all that spam come from? How did it get in index.php?

    Using WP 2.0.5 (upgrading now, to 2.1)

  2. Chris_K
    Member
    Posted 7 years ago #

    Are the permissions on index.php set to world writable?

  3. scsupport
    Member
    Posted 6 years ago #

    Hi,

    I have WP 2.2.3 and I got the same problem with a client of mine. Everyday there is a bunch of cialis/ viagra links added to my index.php files ... and not just index.php files of wordpress ... any index.html files throughout the directory structure.

    The permissions on index.php are: -rw-rw-r--

    What is the correct permission level?

    What should I do?

  4. Chris_K
    Member
    Posted 6 years ago #

    644

    Change the site password(s).

    Monitor the logs.

    Consider contacting the host if you can't figure out how folks are getting in and ask for help.

  5. scsupport
    Member
    Posted 6 years ago #

    I already did all that, still got hacked. I have a feeling they are running some script via a wordpress plugin or something.

    Yesterday I changed some index.html files to 444, and they could not add the viagra/cialis related links on those files.

  6. macsoft3
    Member
    Posted 6 years ago #

    >Change the site password(s).

    Use special characters, Greek ones and lowercase & upper case characters to make up a password for WordPress, control panel of your web hosting and MySQL database. Some web hosting companies won't let you use Greek characters, and others do.

    You may want to remove suspicious plug-ins. I don't know where your website is located. So that's all I can say for now.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.