Posted 1 year ago #
Many of my sites got hacked one after another. Don't know what the issue is but i have deleted and created new users for every site.
The hack doesn't seam to do so much damage. It's only a few line of code in every root file of my wordpress installation. Every file from index.php - xmlrpc.php has been affected.
If it happen one more time i will share the code, dum of me not to save it.. If i find it i will post it here.
Anyone with the same problem?
Do you use any FTP program?
Posted 1 year ago #
Yes FileZilla
Posted 1 year ago #
this is what i get when the sites got hacked :P
Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING, expecting ',' or ';' in /???/?/???????/index.php on line 5
Yes, Maybe
Posted 1 year ago #
so u have the same problem?
You need to start working your way through these resources:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/
Additional Resources:
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
Posted 1 year ago #
5 sites hacked echo
[ Do not post malware code here. ]
here is the code that is popping up all the time
Posted 1 year ago #
thanx esmi
Posted 1 year ago #
@joacim Did you get this figured out or are you still struggling?
Sounds like a vulnerability was found and once in it just replicated itself. Changing the passwords are good, but you're going to want to find the backdoor that is letting theme in to ensure it doesn't happen again.
Posted 1 year ago #
Same thing is happening all around the world mate, my story's on my website: http://www.jexanalytics.com/2012/02/wordpress-sites-all-hacked/
Sounds like there's no real fix for it other than the flockshoot approach of locking everything down and then removing the malicious code.
Good luck!
Posted 1 year ago #
Okey, it's no big deal and it doesn't do anything i think. But it has been a while now since the last attack..
Thanx for the replay this is great :)
Posted 1 year ago #
@perezbox yet i have not found the backdoor but have removed the code a few times. Like i said, it has been a while now since the last attack.
Posted 1 year ago #
attack today at 5 sites again. Now i'm really going to fix this, i will follow your link jexley.
Posted 1 year ago #
@joacim are you using any kind of auditing that would allow you to see the activity on your instance? Anything that tracks IPs and or checks for integrity? Also, what have you done to harden your environment?
This topic has been closed to new replies.
