Forums

WordPress › Support » How-To and Troubleshooting

My Blog Hacked Via Facebook Networked Blogs (7 posts)

  1. iandsmith
    Member
    Posted 2 years ago #

    Something's happened to my blog today. A user told me there was a trojan warning. I looked and it was opening Adobe, giving a file damaged message and redirecting to China TV. I was running 2.8.1. I updated to 2.9.1, and changed the password, but it still did it. One of the URLs it was waiting on was Facebook's Networked Blogs, (guess what? I just networked it on Facebook) so I took the Networked Blog ID code out, and that seemed to fix the redirection, but I still see "waiting for itsalbreaksoft.net" and "paymoneysystem.info". Don't know how to Un-Networked Blogs it in Facebook. Block App I guess. Damn, wish I'd never gone near Faceboob with my blog.

  2. Samuel B
    moderator
    Posted 2 years ago #

    you likely still have something in one of the files or the database - which upgrading would just bring along with it anyway

    here are 2 links you need to look at closely to clean your blog and understand this crap

    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

    http://ottodestruct.com/blog/2009/hacked-wordpress-backdoors/

    http://codex.wordpress.org/FAQ_My_site_was_hacked

    then when blog is cleaned
    http://codex.wordpress.org/Hardening_WordPress

  3. iandsmith
    Member
    Posted 2 years ago #

    Bad news. I followed the instruction, deleted the whole WP, reinstalled it, but AVG still detected the JS-downloader.agent trojan.

    My .htaccess looks like this:

    # BEGIN WordPress

    # END WordPress

  4. LesleyJ
    Member
    Posted 2 years ago #

    This is happening on my friends site. I will tell her to look here
    Thanks

  5. iandsmith
    Member
    Posted 2 years ago #

    I hope I'n not speaking too soon, but several hours after spending all day following How To Completely Clean Your Hacked WordPress Installaion, and then finding the trojan warning still appearing, I just tried it out and it all looks to be okay. Thanks, Samboll.

  6. Samuel B
    moderator
    Posted 2 years ago #

    probably was browser cached

  7. qmagnets
    Member
    Posted 2 years ago #

    Had the same problem. Mine also redirect to blueseek.com as well as China TV.

    Have a look at this post...
    http://forums.digitalpoint.com/showthread.php?t=1682821

    I simply changed my theme and the redirect problem was gone. I think the trojan (or what ever it is) might exploit a vulnerability in the themes.

    Does anyone know what to look for in the code of the files in the themes? Could it be a simple matter of locating the code and deleting it?

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags