WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] My wordpress hacked - Injection? auto.im redirect (15 posts)

  1. mayonaishe
    Member
    Posted 1 year ago #

    Hey, i think my site has been hacked by some kind of code injection attack. It redirects to auto.im (searchresultsguide) when some menu items are clicked. it is happening to everyone on different systems and networks, does anyone know how to fix this? thanks!

  2. esmi
    Forum Moderator
    Posted 1 year ago #

  3. mayonaishe
    Member
    Posted 1 year ago #

    I have read through the above and taken the steps it suggests but i could not find any malicious code on my site which has left me stuck. I am now protected from it happening again but the issue is still present.

  4. mayonaishe
    Member
    Posted 1 year ago #

    Interestingly the redirect doesnt happen when using adblock, so if there is a way to view the ads it is blocking it should surely display the code that is the problem?

  5. esmi
    Forum Moderator
    Posted 1 year ago #

    Site url?

  6. mayonaishe
    Member
    Posted 1 year ago #

    unorthodoxmusic.co.uk - i am able to view the add in adblock but cant find the code or where it could be

  7. esmi
    Forum Moderator
    Posted 1 year ago #

    A scan of your site is not showing any problems.

  8. mayonaishe
    Member
    Posted 1 year ago #

    I have also scanned my site and found that there was no problem, however if when using the site you select a category such as general / other you will see that it is redirected :(

  9. esmi
    Forum Moderator
    Posted 1 year ago #

    Perhaps the problem is at your end. When did you last scan your computer?

  10. mayonaishe
    Member
    Posted 1 year ago #

    Its scanning right now, It came up clean yesterday and this problem has been present for a few days, many other users are also telling me they are getting this problem, and i am getting it on multiple systems on different networks. I just wanted to say thanks for your help so far too!

  11. mayonaishe
    Member
    Posted 1 year ago #

    Okay so after a few hours investigating i seem to have fixed it, This code was inserted into one of the php files on my site

    [Code moderated. Please do not post hacker code blocks in the forums. Please use the pastebin]

    Clearly to me that looks like encrypted code and on removing it the site is fixed.
    It was hidden in the Main Index Template (index.php) Hopefully this post will now be of some use to people with this problem?

  12. jagl007
    Member
    Posted 1 year ago #

    Please help me, i have the same problem, can you post with pastebin the code, i can't found it.

  13. mayonaishe
    Member
    Posted 1 year ago #

    Sorry mate, didn't realize i couldn't post the code here - try this http://pastebin.com/Z9qCgABn

  14. jagl007
    Member
    Posted 1 year ago #

    Really thanks, i found this code in (header.php) in my theme, You solved my problem, thanks, thanks. but Why does this happen?,

  15. mayonaishe
    Member
    Posted 1 year ago #

    Glad i have helped, i'm no expert but thought that would be what was causing it. It happens because someone decided to hack you, possibly because they are getting paid for hits to auto.im. They prolly injected the code via the comments system if you have one. if not they may have hacked your site and uploaded it via ftp

Topic Closed

This topic has been closed to new replies.

About this Topic