Major Hacks Into WordPress [HELP?] (3 posts)

  1. geolitjon
    Member
    Posted 2 years ago #

    So I recently saw some unauthorized files in my folders, including index.php files that contained odd code, which actually redirected to another site.

    I called my host [GoDaddy] and believe it or not, they don't keep FTP logs. I changed my password, but lo and behold, the unauthorized files continue to be added.

    I was just about to give up, until I took a look at the backlinks going to my site.

    It appears that this is a massive-scale hacking attempt across multiple sites, and all of them have happened within the last few weeks. I'm not sure if all of the sites are WordPress sites, but most of them are, which makes me think there must be some sort of vulnerability somewhere.

    Of course, I've deleted the files, and (fingers crossed) they won't reappear, but I have a list of all of the sites that contain the weird links in the footer. Is there some sort of common vulnerability that they all have? I'm tearing my hair out trying to figure it out [note the hidden links in the code in the footer]?

  2. doodlebee
    Member
    Posted 2 years ago #

    >>which makes me think there must be some sort of vulnerability somewhere. <<

    Yes, probably one of the sites on your shared server is the vulnerability. Someone probably has a poor password, didn't upgrade their WP version (IF it is, indeed, WordPress and not some self-built thing) or left their file permissions wide open. Just because you (and some other people on your server) are running WordPress doesn't necessarily mean it's WordPress. Obviously *someone* hasn't been paying attention to their security, and has compromised everyone.

    Contact your host. If it's across multiple sites, the *server* has been compromised, and they will want to know. They will also track down the source of the problem, and take the necessary steps to fix it.

  3. xinfo
    Member
    Posted 2 years ago #

    Yeah, they keep placing an iframe. I am tired of updating every day.

    Still, I am using the latest version, 2.8.4.

    Well, they place the iframe only in index.php, wherever it is present in any folder.

    e.g.: root index

    wp-includes/index

    wp-admin/index and index-extra

    wp-content/index

    WP devs, help us out from these hackers.
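A check for the pattern reported in this thread, added here as an example and not code from any of the posters: it walks a WordPress tree, flags every index.php that contains an iframe (noting hidden ones), and flags files left world-writable, the permission problem raised in the second reply. The regex heuristics, the `scan_tree` and `demo` names, and the sample tree with its `injected.example` URL are assumptions constructed for the example.

```python
import os, re, stat, tempfile

# Heuristics chosen for this example (assumptions, not signatures from the thread).
IFRAME = re.compile(rb"<iframe\b[^>]*>", re.I)
HIDDEN = re.compile(rb"display\s*:\s*none|visibility\s*:\s*hidden|"
                    rb"(?:width|height)\s*=\s*[\"']?[01]\b", re.I)

def scan_tree(root):
    """Return (relative path, reasons, mtime) for each suspicious index.php."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "index.php":
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            reasons = set()
            for tag in IFRAME.findall(data):
                reasons.add("iframe (hidden)" if HIDDEN.search(tag) else "iframe")
            st = os.stat(path)
            if st.st_mode & stat.S_IWOTH:  # any account on a shared server can rewrite it
                reasons.add("world-writable")
            if reasons:
                findings.append((os.path.relpath(path, root), sorted(reasons), int(st.st_mtime)))
    return sorted(findings)

def demo():
    """Scan a constructed tree that mirrors the folders named in the thread."""
    frame = b'<iframe src="http://injected.example/" width="1" height="1"></iframe>'
    sample = {  # constructed file contents and modes, not data from a real site
        "index.php": (b"<?php require('./wp-blog-header.php');\n", 0o644),
        "wp-admin/index.php": (b"<?php // dashboard\n", 0o644),
        "wp-content/index.php": (b"<?php // Silence is golden.\n" + frame, 0o666),
        "wp-includes/index.php": (b'<?php ?><iframe src="http://injected.example/">', 0o644),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (body, mode) in sample.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
            os.chmod(path, mode)
        return [(p, r) for p, r, _mtime in scan_tree(root)]

if __name__ == "__main__":
    for path, reasons in demo():
        print(path, reasons)
```

The modification time returned by `scan_tree` gives a window to compare against whatever access logs the host does keep.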
