WordPress.org

Ready to get started?Download WordPress

Forums

My sites got hacked (15 posts)

  1. Joacim
    Member
    Posted 2 years ago #

    Many of my sites got hacked one after another. Don't know what the issue is but i have deleted and created new users for every site.

    The hack doesn't seam to do so much damage. It's only a few line of code in every root file of my wordpress installation. Every file from index.php - xmlrpc.php has been affected.

    If it happen one more time i will share the code, dum of me not to save it.. If i find it i will post it here.

    Anyone with the same problem?

  2. blograzzi
    Member
    Posted 2 years ago #

    Do you use any FTP program?

  3. Joacim
    Member
    Posted 2 years ago #

    Yes FileZilla

  4. Joacim
    Member
    Posted 2 years ago #

    this is what i get when the sites got hacked :P

    Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING, expecting ',' or ';' in /???/?/???????/index.php on line 5

  5. blograzzi
    Member
    Posted 2 years ago #

    Yes, Maybe

  6. Joacim
    Member
    Posted 2 years ago #

    so u have the same problem?

  7. esmi
    Forum Moderator
    Posted 2 years ago #

  8. Joacim
    Member
    Posted 2 years ago #

    5 sites hacked echo

    [ Do not post malware code here. ]

    here is the code that is popping up all the time

  9. Joacim
    Member
    Posted 2 years ago #

    thanx esmi

  10. perezbox
    Member
    Posted 2 years ago #

    @joacim Did you get this figured out or are you still struggling?

    Sounds like a vulnerability was found and once in it just replicated itself. Changing the passwords are good, but you're going to want to find the backdoor that is letting theme in to ensure it doesn't happen again.

  11. jexley
    Member
    Posted 2 years ago #

    Same thing is happening all around the world mate, my story's on my website: http://www.jexanalytics.com/2012/02/wordpress-sites-all-hacked/

    Sounds like there's no real fix for it other than the flockshoot approach of locking everything down and then removing the malicious code.

    Good luck!

  12. Joacim
    Member
    Posted 2 years ago #

    Okey, it's no big deal and it doesn't do anything i think. But it has been a while now since the last attack..
    Thanx for the replay this is great :)

  13. Joacim
    Member
    Posted 2 years ago #

    @perezbox yet i have not found the backdoor but have removed the code a few times. Like i said, it has been a while now since the last attack.

  14. Joacim
    Member
    Posted 2 years ago #

    attack today at 5 sites again. Now i'm really going to fix this, i will follow your link jexley.

  15. perezbox
    Member
    Posted 2 years ago #

    @joacim are you using any kind of auditing that would allow you to see the activity on your instance? Anything that tracks IPs and or checks for integrity? Also, what have you done to harden your environment?

Topic Closed

This topic has been closed to new replies.

About this Topic