WordPress.org


[resolved] My blog is hacked (9 posts)

  1. ahaseg
    Member
    Posted 5 years ago #

    hi,

    My blog is hacked by someone.

    Someone inserted a long advertisement as below just after the <body> tag.

    <div style="position:absolute;left:-48667px;top:-65558px"><!--779212266--><h1>sony ericsson k300i downloads</h1> Nokia <a href="http://www.jjsdesign.net/forum/?info-about=632" title="sony k300i downloads ericsson">sony k300i downloads ericsson</a>
    ........
    in our database that you can offer on your site! </div>

    This kind of advertisement appears on the index page and archive pages, but doesn't appear on the 404 error page.

    I have upgraded WordPress to 2.7.1, turned off all plug-ins, and am using the default theme; however, it appears.

    Does anyone know how to fix it, or know of a similar case?

  2. Roy
    Member
    Posted 5 years ago #

    Did you switch to default theme or did you already use it? I guess your theme has been messed with.

  3. ahaseg
    Member
    Posted 5 years ago #

    Gangleri,

    After I found this I re-installed the default theme. I mean I copied the wp-content/themes/default/ folder from the original zip file.

    thanks

  4. Roy
    Member
    Posted 5 years ago #

    And still spam?

  5. ahaseg
    Member
    Posted 5 years ago #

    Yes still,

    I found there are some sites hacked like me:
    http://tinyurl.com/d9mmnr

  6. Roy
    Member
    Posted 5 years ago #

    Well, in that case they've messed with the core files or the database (but I don't find the latter likely). On the other hand, you said you've upgraded, so the WP files should have been replaced too. I'm afraid that leaves me without further suggestions... Well maybe one: have a look at your database and see if there's something fishy. It seems the only thing that hasn't been 'replaced by fresh copies' so to say.
    [edit] One more suggestion: deactivate all your plugins, see if the spam is gone and reactivate them one by one to see if it's one of those.

  7. ahaseg
    Member
    Posted 5 years ago #

    Gangleri,

    I found that wp-config.php was cracked.
    Someone inserted cracked code into all .php files.
    I replaced all files except wp-config.php file...

    I made a new wp-config.php and now there is no spam.

    Thank you very much.

    ahaseg

  8. Roy
    Member
    Posted 5 years ago #

    That's great (but worrying). Now change ALL passwords (FTP, database, control panel, WordPress), perhaps even make a new admin user (with a different name) and do some "hardening".

    You don't just want to patch, since you don't know how they got in.

    Roy

  9. UseShots
    Member
    Posted 5 years ago #

    What version did you have before the upgrade?

    Scan your server for any suspicious files. Check file permissions. Most files should be read-only.
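
As an added example, not code from any poster in this thread: one way to run the scan suggested in the last reply, flagging PHP files that contain an off-screen block like the one quoted in the first post, and files that group or others can write to. The function names and the sample tree are constructed for illustration; it assumes the injected markup appears literally in the file, so code that builds the markup at runtime would not match.

```python
import os
import re
import stat
import tempfile

# Inline style that pushes a block far off-screen, as in the injected <div>
# quoted in the first post (left:-48667px;top:-65558px).
OFFSCREEN = re.compile(
    rb"position\s*:\s*absolute[^\"'>]*?(?:left|top)\s*:\s*-\d{4,}px", re.I)

def scan_tree(root):
    """Return (injected, writable): PHP files containing an off-screen block,
    and files whose mode lets group or others write to them."""
    injected, writable = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            rel = os.path.relpath(path, root)
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                writable.append(rel)
            if name.lower().endswith(".php"):
                with open(path, "rb") as fh:
                    if OFFSCREEN.search(fh.read()):
                        injected.append(rel)
    return sorted(injected), sorted(writable)

def build_sample(root):
    """Constructed sample tree: one clean file, one tampered wp-config.php."""
    clean = b"<?php\n// constructed clean file\necho 'hello';\n"
    bad = (b"<?php /* constructed sample */ ?>\n"
           b'<div style="position:absolute;left:-48667px;top:-65558px">'
           b"<h1>spam heading</h1></div>\n")
    for rel, data, mode in (("index.php", clean, 0o644),
                            ("wp-config.php", bad, 0o666)):
        path = os.path.join(root, rel)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        hits, loose = scan_tree(tmp)
        print("off-screen markup:", hits)
        print("group/other writable:", loose)
```

Pointing `scan_tree` at the WordPress document root covers wp-config.php, which in this thread was the one file not replaced by the upgrade.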
