WordPress.org

Ready to get started?Download WordPress

Forums

Repeated, Consistent Hacking - Protection? (7 posts)

  1. vk3
    Member
    Posted 2 years ago #

    For the last month or two I've been experiencing consistent, repeated hacks on the same WordPress blog - as far as I can tell, both the FTP and wp-admin passwords are secure, certainly not something easily "hackable".

    I came online this morning to see this high traffic sites injected with this freaking code again - I've cleaned and secured this same blog at least half a dozen times now and it NEVER seems to help!

    I'm super frustrated and would appreciate any help.. I'm at my wits end and this is a very important project that I need to keep secure.

    By the way, I'm running Windows 7, using FireFox.

    WordPress is completely up to date, running 3.3.1 - I'm using the Genesis framework and that's completely up to date, too.

    Symptoms:

    - this code injected near the footer:

    [ Do not post malware code here. ]

    - on page load the java icon pops up on the task bar - on one occasion the script closed my browser and infected my computer with some type of malware/virus - I had to restore to get back up and running - other times the java icon loads and then nothing happens

    - I found "php.ini" under the root directory of the WordPress install - it contains:

    [ 1,000+ lines moderated. Honestly, do not do that again. Use pastebin.com instead if you must. ]

    I'm really truly at my wits end here - if you're good with WordPress, I'll definitely consistent paying you to secure this blog for me.

    Unfortunately, I didn't know what else to do, so I re-installed WordPress on the live site - I did take the ZIP of the old installation, in case anyone would like to take a look.

    Thanks in advance for any guidance!

  2. vk3
    Member
    Posted 2 years ago #

    UPDATE: re-installing a fresh version of WordPress seemingly has gotten rid of any traces of the hacking - so does this mean it doesn't seem to be theme based, but injected into WordPress itself?

  3. For the last month or two I've been experiencing consistent, repeated hacks on the same WordPress blog

    If that's true then you've not deloused your installation properly.

    Start working your way through these resources:
    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

    http://sitecheck.sucuri.net/scanner/
    http://www.unmaskparasites.com/

    http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

    re-installing a fresh version of WordPress seemingly has gotten rid of any traces of the hacking

    If that worked that's good. But go through that list of reading material. Often hacks occur because of an insecure server and re-installing WordPress will not address that.

  4. vk3
    Member
    Posted 2 years ago #

    Thank you, Jan - I'll read into the links you sent over - I appreciate it very much!

  5. adpawl
    Member
    Posted 2 years ago #

    vk3, First - check your pc (av, kaspersky tdskiller, combofix, malvarebytes...)
    Next, install fresh copy of your ftp software, and don't save passwords.
    Next, change ftp pass and wp admin pass.
    Then check your themes and plugins not contain malicious code. Check .htaccess file and wp-config.php file. Look to uploads folder.
    Check files by modyfication time and look for files which is not in the original wp package.
    Update all plugins.
    Maybe your theme use outdated or insecure timthumb?

  6. jessn
    Member
    Posted 2 years ago #

    Who is your hosting company? If you're on a shared server it might be coming through the server, rather than an insecurity in your site. We had that same problem, being repeatedly hacked, and found out that because we were on a shared server and that most of the other WordPress websites on that server were also hacked, it didn't matter how much we cleaned up or secured the site - the hacker kept getting in. We eventually had to move to another host.

  7. vk3
    Member
    Posted 2 years ago #

    @adpawl - thank you for those suggestions - I'll look through and research - I'll also make sure to give my computer a thorough cleaning and change up all password - thanks!

    @jessn - ahh, good point there! - we are on shared hosting.. getting it off there and secure on a new hosting account is definitely a great idea, thanks for that!

Topic Closed

This topic has been closed to new replies.

About this Topic