I've been hacked (not harmful but added lots of hidden links) (8 posts)

  1. joyeriastv
    Member
    Posted 8 months ago #

    Hello, I don't know why, but today I checked the code and I found in every page close to the </body>

    [Links moderated.]

    Could anyone help me fix this? Any good security plugin? (Please don't say AskApache.) I did several backups some time ago with the "WordPress Database Backup".

    Thanks in advance!!

  2. esmi
    Theme Diva & Forum Moderator
    Posted 8 months ago #

  3. joyeriastv
    Member
    Posted 8 months ago #

    ok thanks

  4. joyeriastv
    Member
    Posted 8 months ago #

    I've found a full WordPress folder with all the files; the links are found in /mysite/wp-content/plugins/wordpress/wp-includes/js/tinymce/plugins/inlinepopups/skins/clearlooks2/img/
    There I find files like csi with several: IP | number
    2 PHP files like:

    [Code moderated as per the Forum Rules. Please use the pastebin]

    an interesting file rlf:

    05-09-2011 - 4
    06-09-2011 - 7
    07-09-2011 - 7
    08-09-2011 - 3

    a cnf file:

    [Code moderated.]

    and finally, lb file with the annoying links.

    The question is: which kind of vulnerability am I suffering from? How to prevent it and how to fix this? (I would just remove that wordpress folder inside the plugins one.)

    Thanks for your time!

  5. joyeriastv
    Member
    Posted 8 months ago #

    Here I include more code: http://pastebin.com/pfdmdbpJ

    I wish I could prevent this attack if I knew which WP security plugin to use or which kind of vulnerability I have.

  6. esmi
    Theme Diva & Forum Moderator
    Posted 8 months ago #

    It's a hack! There are no "types" of hack as such. Every one is cleaned up using the same steps referred to in the resources I linked to above. There is no magic plugin that you can use to clean this up. After you've sorted it all out, try looking at Hardening_WordPress.

  7. joyeriastv
    Member
    Posted 8 months ago #

    Dear esmi, I think it's an injection of code that allowed uploading files. I've used several security plugins and they said my security is nice (folder permissions, password strength, etc.).

    For now I renamed the last folder (should I remove the entire wordpress folder which is inside the plugins one?) and then the links don't appear, but I am afraid the hacker may get angry and attack my site again. What should I do?

    I am not an expert to read the full tutorials, and I bet with all the details someone could collaborate with clear knowledge about how to prevent it or what is this about.

  8. bipies
    Member
    Posted 8 months ago #

    There is a "trojan" PHP file which, once uploaded "somehow" to a host, can do whatever the """"""""""""""""hacker"""""""""""""""""" wants: changing htaccess to redirect your domain to a malware site, changing chmods, creating and deleting directories, and so on.

    So, only with this "hack" you are ***** how they upload this file? dunno, how the hell we can check our files? dunno, but I fought against this, and the fight was more than 2 months long over 4 of my websites..... :@
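
One way to check files for the pattern reported in this thread (a second WordPress copy nested under wp-content/plugins, with PHP and extension-less data files inside an img directory), as an added example that is not code from any poster. The function names, the asset-directory and extension lists, and the sample file name a.php are assumptions made for the example; findings are leads for manual review, not proof of compromise.

```python
import os
import sys

# Assumptions for this example: these directory names hold only static assets,
# and these extensions are the only ones expected inside them.
ASSET_DIRS = {"img", "images", "css", "fonts"}
STATIC_EXT = {".gif", ".png", ".jpg", ".jpeg", ".svg", ".css", ".ico", ".webp"}


def scan_wp_content(wp_content):
    """Return sorted (reason, path relative to wp_content) leads for manual review."""
    findings = []
    for root, dirs, files in os.walk(wp_content):
        rel = os.path.relpath(root, wp_content)
        # A second copy of WordPress core has no business under wp-content.
        if "wp-includes" in dirs or "wp-admin" in dirs:
            findings.append(("nested-core", rel))
        # PHP or extension-less data files sitting in an image/CSS directory.
        if os.path.basename(root) in ASSET_DIRS:
            for name in files:
                if os.path.splitext(name)[1].lower() not in STATIC_EXT:
                    findings.append(("non-static-in-asset-dir", os.path.join(rel, name)))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed tree mirroring the layout in the thread; a.php is a made-up name."""
    bad = os.path.join(base, "plugins", "wordpress", "wp-includes", "js", "tinymce",
                       "plugins", "inlinepopups", "skins", "clearlooks2", "img")
    good = os.path.join(base, "themes", "mytheme", "img")
    os.makedirs(bad)
    os.makedirs(good)
    for name in ("csi", "rlf", "cnf", "lb", "a.php", "button.gif"):
        open(os.path.join(bad, name), "w").close()
    open(os.path.join(good, "logo.png"), "w").close()
    return base


if __name__ == "__main__":
    # Usage: python scan.py /path/to/wp-content
    target = sys.argv[1] if len(sys.argv) > 1 else "wp-content"
    for reason, path in scan_wp_content(target):
        print(f"{reason}\t{path}")
```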
