WordPress.org

Ready to get started?Download WordPress

Forums

spam hijack in blog WTF (8 posts)

  1. Anonymous
    Unregistered
    Posted 6 years ago #

    My blog appears to have been hijacked with code injection

    see http://www.stanmooreracing.co.uk/wordpress/index.php and view source for mass of 'hidden' links to pharmaceuticals.

    Questions - how did that happen and how to get rid of it

  2. Anonymous
    Unregistered
    Posted 6 years ago #

    OK I fixed that but how can anyone get in and edit my header.php file?

  3. rawalex
    Member
    Posted 6 years ago #

    Are you sure they did it by editing your header.php file? Most of those problems are injections via xmlrpc.php

  4. rawalex
    Member
    Posted 6 years ago #

    also you might want to upgrade to maybe 2.5.1 - your current version 2.0.2, a little out of date perhaps?

    <meta name="generator" content="WordPress 2.0.2" />

  5. KDesigns
    Member
    Posted 6 years ago #

    I've recently read about this type of thing happening. It seems they exploit something with the theme editor to edit theme files from what I recall.

  6. Anonymous
    Unregistered
    Posted 6 years ago #

    thanks for the quick responses

    1 I know I should upgrade but given some horror stories posted elsewhere I've been too scared to do that just yet - is 2.5.1 a preferable upgrade to 2.6?

    2 the code I deleted to clean up was actually in my header.php file, when I looked at it via the edit function within wordpress admin... now maybe it got there from some injection mechanism - where to look for that b@~#ard?!

  7. KDesigns
    Member
    Posted 6 years ago #

    1. Make sure your template files are on lockdown. This will require an external editor to to edit the files then and you won't be able to use the theme editor

    2. Consider getting rid of the theme editor php file in the admin area.

    Here's a link to a Google search. Didn't have an opportunity to peruse all the sites but you might be able to find some additional ideas/help in some of the links: Google Search

  8. mrmist
    Forum Janitor
    Posted 6 years ago #

    The most likely reason that you were hacked is because of running the older code base. Exploits similar to what you describe are fairly well-known, and will most likley continue until you clean your site in an upgrade.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags