WordPress.org

Ready to get started?Download WordPress

Forums

Site Hacked w/Cialis links in posts --help! (8 posts)

  1. hgooger
    Member
    Posted 3 years ago #

    My site (www.thegoogers.com) has recently been hacked and links for cialis have been placed within posts and in my sidebar. I went through and deleted the links, changed password, made sure wordpress was running the newest version, and thought things were good. But the links showed up again today.

    I really am not sure what to do about this. I don't run many plugins and the only major change was a change to a premium theme (Standard 2.0) over Christmas. Beyond that, things have remained the same.

    Can any of you help me or give me a bit of direction? I'm really at a loss.

  2. Hi there, this sounds like the "pharma hack." Check out these articles & threads:

    How to Diagnose and Remove the WordPress Pharma Hack
    http://www.pearsonified.com/2010/04/wordpress-pharma-hack.php

    Understanding and cleaning the Pharma hack on WordPress
    http://blog.sucuri.net/2010/07/understanding-and-cleaning-the-pharma-hack-on-wordpress.html

    pharma hack
    http://wordpress.org/support/topic/pharma-hack?replies=12

    Have you kept your WP installation up-to-date? Do you have security precautions in place such as security plug-ins (WordPress File Monitor, Exploit Scanner, Secure WordPress), strong passwords, and other best practices? I suggest reading up on WordPress security - although there are no surefire ways to prevent hacking, there are a whole range of preventative measures you can take.

    Good luck!

  3. hgooger
    Member
    Posted 3 years ago #

    Wow. Thank you for all of this information!
    Yes, every time WP has a new version I upgrade, but I am unsure as to security precautions (translation: No, I don't have that). I'll have to check that and then get to work on the site.

    Thanks again!

  4. hgooger
    Member
    Posted 3 years ago #

    So this could be the pharma hack even though the links are actually within entries and are viewable to all?

  5. It may be a variant - whatever it is, you may want to go through the steps here to clean up everything permanently and prevent future attacks:

    FAQ My site was hacked
    http://codex.wordpress.org/FAQ_My_site_was_hacked

  6. danieleio
    Member
    Posted 3 years ago #

    Yes it's the pharma hack- I just got it too, and fixed it. I've written about it here:

    http://eidus.sg/2011/03/03/fixing-the-wordpress-pharma-hack-embedded-links-variant/

    I really hope my fixes work out, otherwise I'm going to be really angry/bummed.

  7. Matt
    Member
    Posted 3 years ago #

    Some good plugins to keep in mind (security minded):
    Admin Bar Removal
    Block Bad Queries
    Login Lockdown
    Theme My Login / WP Hide Dashboard
    Wp-Security-Scan

    As well as the treasure trove of info provided above.

Topic Closed

This topic has been closed to new replies.

About this Topic