Forums

WordPress › Support » How-To and Troubleshooting

Need Help with odd issue after last post....hacked?? (9 posts)

  1. pookieguy
    Member
    Posted 2 years ago #

    Hello,
    I'm wondering if someone can help me with an issue I just had a few minutes ago after making the latest post.

    After this post was made, I quickly found the permalinks or clicking on any of the post articles would results in the following...

    "Bad Request"
    Your browser sent a request that this server could not understand."

    After some troubleshooting, I now find that all links to the actual posts have the following "garbage" or something similar in them...

    "%&%28%7B$%7Beval%28base64_decode%28$_SERVER%5BHTTP_REFERER%5D%29%29%7D%7D|.+%29&%"

    If you take this out, everything is fine! How the hell did this happen? The only thing I could think of is that I have been hacked.

    Why do I think this? Well, I currently run a WordPress forum but used to run phpBB. While I did link to the WordPress built-in forum, I did not delete the phpBB forum directory and when I clicked on my "Forums" link when I discovered this issue, it would actually oddly link back to the super old phpBB forums directory. This leads me to believe it was hacked this way.

    Anyways,
    I have deleted the phpBB forums directory but need help on how to get the article links working again and removing this junk info that appears on every link.

    As always, any help is greatly appreciated!!

    --mike

  2. songdogtech
    Member
    Posted 2 years ago #

    Post your site URL or one of those full links with the base 64 code so other people can check it out.

    And see How to Completely Clean a Hacked WordPress Install

  3. pookieguy
    Member
    Posted 2 years ago #

    Hello,
    Thanks for the reply.

    The Site:

    http://www.concealthis.com

    If you try and click on any of the articles, it has that embedded in the links now and they are obviously broken.

    Any help fixing this is greatly appreciated!! :)

  4. alism
    Member
    Posted 2 years ago #

    Yes, hacked. :-(

    Edit your Permalinks, you'll probably be able to remove the code that's been inserted there. Check for new Admin users. Does the count of Admin users show as more than are listed?

    Upgrade to the latest version. Change your passwords. Read that link songdogtech posted above.

    Keep your WordPress version updated...

  5. pookieguy
    Member
    Posted 2 years ago #

    Thanks for the quick reply.

    How do I edit the "full" permalink? I hit edit on a post and it doesn't let me highlight the entire permalink in order to remove the garbage that breaks it.

    ??

  6. alism
    Member
    Posted 2 years ago #

    Admin > Settings > Permalinks

  7. pookieguy
    Member
    Posted 2 years ago #

    Yeah, I'm an idiot. Thanks. lol

    Thank you all for the help. Apparently, the "hacker" set a custom permalink. I set it back to default and all is fine.

    To answer the other questions...

    I see only one Admin and no more listed. I've gone through practically everything and don't see anything strange. Should I assume it is OK and just go ahead and update to latest build?

    I have backups of course...

    Thanks again.

    --mike

  8. whooami
    Member
    Posted 2 years ago #

    I see only one Admin and no more listed. I've gone through practically everything and don't see anything strange. Should I assume it is OK and just go ahead and update to latest build?

    did you LOOK in the database? do not depend on your wp-admin for this check.

  9. pookieguy
    Member
    Posted 2 years ago #

    Just went through phpMyAdmin and checked everything for the last half hour. All looks good and just upgraded to latest build! Thank you all! :)

    For those who may encounter the same issue, it appears they hacked the site via phpBB actually. This was a forum I was using with WordPress, but switched it to an integrated plug-in solution. My mistake? Not deleting the phpBB forums directory, which was heavily hacked BTW!

    That explains why they managed to change my forums link to point back to this old phpBB directory.

    Man, I hate spammers. They are like that thing that builds in your eyes when you wake up in the morning. Pure scum!!

    Best Regards,

    --mike

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.