
Upgraded to 2.9.1 and now Site Admin link doesn't do anything (15 posts)

  1. bopop4
    Member
    Posted 2 years ago #

    My blog got hacked. Somebody modified my header.php file. So I deleted the header.php file, changed all my passwords, and then upgraded to WordPress 2.9.1. My custom header is gone but worse than that, the link to Site Admin doesn't do anything.

    I can see where the wp_register() function calls the admin_url() function, but that function is being ignored and doesn't return anything.

    Can anybody help me re-enable the Site Admin link?

  2. WatchCount.com
    Member
    Posted 2 years ago #

    Can you go directly to the Admin page successfully?

    http://www.YourSite.com/blog/wp-admin/

    or

    http://www.YourSite.com/wp-admin/

    -WCC

  3. bopop4
    Member
    Posted 2 years ago #

    No, that URL takes me to the main blog page.

  4. s_ha_dum (was apljdi)
    Member
    Posted 2 years ago #

    Do you have this problem with the default theme? Since you can't log in, rename your current theme via FTP and then visit the site. WP will revert to the default theme (which obviously must be in the wp-content/themes directory).

    Did you do anything other than delete the one header.php file? The hacker could well have compromised far more than just that one file. This could even include compromising your database.

  5. bopop4
    Member
    Posted 2 years ago #

    I have already switched to the default theme. I am able to log on, but not able to navigate to the Site Admin page using the navigation link. I can get to the Site Admin page by clicking on an "Edit" link when I am logged on as an administrator, but users are not allowed to edit, so they cannot get to the admin page at all.

  6. s_ha_dum (was apljdi)
    Member
    Posted 2 years ago #

    Ok. I'll ask again, "Did you do anything other than delete the one header.php file?" If not, you may need to look around some more.

  7. bopop4
    Member
    Posted 2 years ago #

    I downloaded the entire structure to my local hard drive, where my virus detector alerted me that the header.php file was infected. The virus software deleted that file from my hard drive so I used my FTP utility to delete that file from the blog site. I ran a virus scan on the entire blog structure and found nothing more.

    Next, I upgraded my blog to WordPress 2.9.1 and began testing. The link to Site Admin was broken so I switched to the default theme. The link was still broken.

    Is the admin_url() function in the load-styles.php file supposed to look like this?

    /**
    * @ignore
    */
    function admin_url() {}

  8. s_ha_dum (was apljdi)
    Member
    Posted 2 years ago #

    admin_url() is OK.

    I don't know if I'd really trust a virus scanner to find web-hacks, but at any rate a virus scanner isn't going to find things like broken or missing files and links to spam sites, and it isn't going to find database issues like users with elevated privileges.

    When you upgraded did you delete everything and re-upload or did you try to over-write? Really, for any upgrade you should delete first then re-upload but it is especially important in your case.

    Google 'wordpress hacked' and get reading, then get doing. Here are a few good links to start.

    http://ocaoimh.ie/did-your-wordpress-site-get-hacked/
    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

  9. bopop4
    Member
    Posted 2 years ago #

    Here's an update just so you know I'm not sleeping on the job:

    I found a new administrative user in my database using this SQL:
    SELECT u.user_login, u.user_nicename, m.meta_value
    FROM wp_users u INNER JOIN wp_usermeta m ON u.ID = m.user_id
    WHERE m.meta_key = 'wp_capabilities' AND m.meta_value LIKE '%administrator%'

    I deleted the rogue user record using the WordPress Site Admin page. Then I changed all my passwords again.

    Next, I deleted the entire contents of my blog and refreshed it with a new download of WordPress 2.9.1. That fixed me up with no themes and no plug-ins, but still did not enable me to navigate to the Site Admin page.

    Since I was having so much fun, I renamed all the table prefixes in my database to make it a little more hacker-proof. Now I am unable to navigate to the Site Admin page even from an edit link. I get the message, "You do not have sufficient permissions to access this page." every time I log on as administrator.

    It looks like all administrative permissions have been removed. I will continue working on this tomorrow. Maybe I will wipe out the blog and start over.

  10. s_ha_dum (was apljdi)
    Member
    Posted 2 years ago #

    Good job finding the rogue user.

    If you renamed your databases you need to make sure you give WP the new prefix.
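
Added example, not part of the thread: the administrator query from post 9 turned into a repeatable audit that also reports capability rows left under an old prefix after a table rename, because WordPress reads a user's role from the usermeta key `<prefix>capabilities`. SQLite stands in for MySQL here; the prefix `x9_`, the user names and `KNOWN_ADMINS` are constructed sample values.

```python
import re
import sqlite3

PREFIX = "x9_"            # constructed: $table_prefix after the rename
KNOWN_ADMINS = {"bob"}    # constructed: accounts the owner expects to be admins
ADMIN_ROLE = 's:13:"administrator";b:1;'   # PHP-serialized role entry


def build_sample_db():
    """In-memory stand-in for the renamed users/usermeta tables (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.executescript(f"""
        CREATE TABLE {PREFIX}users (ID INTEGER PRIMARY KEY, user_login TEXT);
        CREATE TABLE {PREFIX}usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
        INSERT INTO {PREFIX}users VALUES (1, 'bob'), (2, 'wpupdate'), (3, 'carol');
        INSERT INTO {PREFIX}usermeta VALUES
          (1, 'wp_capabilities', 'a:1:{{s:13:"administrator";b:1;}}'),
          (2, '{PREFIX}capabilities', 'a:1:{{s:13:"administrator";b:1;}}'),
          (3, '{PREFIX}capabilities', 'a:1:{{s:10:"subscriber";b:1;}}');
    """)
    return db


def audit_admins(db, prefix, known_admins):
    """Return (login, finding) pairs for administrator rows that need review."""
    if not re.fullmatch(r"[A-Za-z0-9_]+", prefix):
        raise ValueError("unexpected characters in table prefix")
    live_key = prefix + "capabilities"   # the key WordPress reads for this prefix
    rows = db.execute(
        f"SELECT u.user_login, m.meta_key, m.meta_value "
        f"FROM {prefix}users u JOIN {prefix}usermeta m ON u.ID = m.user_id "
        f"WHERE m.meta_key LIKE '%capabilities' ORDER BY u.ID"
    ).fetchall()
    findings = []
    for login, key, value in rows:
        if ADMIN_ROLE not in value:
            continue
        if key != live_key:
            # Role exists only under the old prefix, so it is not applied at login.
            findings.append((login, "admin role stored under stale key " + key))
        elif login not in known_admins:
            findings.append((login, "unexpected administrator"))
    return findings


if __name__ == "__main__":
    for login, finding in audit_admins(build_sample_db(), PREFIX, KNOWN_ADMINS):
        print(f"{login}: {finding}")
```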

  11. bopop4
    Member
    Posted 2 years ago #

    My Site Admin link still does not work.

    I can get to the Dashboard page by manually entering
    http://www.YourSite.com/blog/wp-admin/index.php

    Once at the Dashboard page, I can use the link at the top to "Visit Site". I can also navigate to the Dashboard by clicking on the "Edit" link under the sample post.

    So I am really back where I started, except now I don't have anything in my database. (That's actually OK with me because I can restore the data after I fix the Site Admin link problem.)

    I deleted everything, including the database tables. I installed a completely new WordPress 2.9.1 and ran the Install routine. My blog is completely empty except for the single message and comment created by the install routine.

    I changed my admin password and the table prefixes (using wp-config), and added this htaccess file:
    # secure htaccess file
    <Files .htaccess>
    order allow,deny
    deny from all
    </Files>

    DirectoryIndex /blog/index.php
    DirectoryIndex /blog/wp-admin/index.php

    # BEGIN WordPress
    # END WordPress

    I really don't understand the htaccess file so I suspect this could be my problem. Does anybody know what I can do to fix this?

  12. bopop4
    Member
    Posted 2 years ago #

    This fix is probably specific to WordPress 2.9.1, and here's what I did to fix the Site Admin link:

    Edit the file wp-includes\general-template.php

    Look for the function wp_register() on line 232. Inside that function is a line (line 240) that builds the href for the link to Site Admin. I added the filename "index.php" after the call to admin_url().

    $link = $before . '<a href="' . admin_url() . '">' . __('Site Admin') . '</a>' . $after;

    The line of code looks like this now:

    $link = $before . '<a href="' . admin_url() . 'index.php">' . __('Site Admin') . '</a>' . $after;

  13. Mark / t31os
    Moderator
    Posted 2 years ago #

    Sounds like you have an htaccess somewhere that is changing the DirectoryIndex directive to something other than index.php ...

    An example of such a piece of code might look like this..

    DirectoryIndex index.html

    In turn whenever you request a directory, it's not looking for index.php first ..

    I could be wrong ... (check your htaccess files) ..

  14. bopop4
    Member
    Posted 2 years ago #

    Here's what I have in my .htaccess file:

    Options -indexes
    DirectoryIndex ABC_Main.shtml
    
    DirectoryIndex /blog/index.php
    DirectoryIndex /blog/wp-admin/index.php
    
    # BEGIN WordPress
    
    # END WordPress

    Is the DirectoryIndex for "ABC_Main.shtml" conflicting with the DirectoryIndex for "/blog/wp-admin/index.php" ??

  15. Mark / t31os
    Moderator
    Posted 2 years ago #

    Possibly, I don't know a great deal about them, try removing custom rules/directives just to see if it has an effect... should only take a few moments..

    Just an idea.. :)
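
Added example, not part of the thread: a small model of how Apache's mod_dir picks an index resource, run over the directives quoted in post 14. It relies on mod_dir's documented behaviour that several DirectoryIndex directives in one context add to a single ordered lookup list and that a value with a leading slash is a URL from the document root. The site layout, the placement of the file at the document root and the `FIXED` variant are assumptions.

```python
import posixpath

# Constructed copy of the directives quoted in post 14.
HTACCESS = """\
Options -indexes
DirectoryIndex ABC_Main.shtml

DirectoryIndex /blog/index.php
DirectoryIndex /blog/wp-admin/index.php
"""
# Assumed alternative: relative names only, resolved inside each directory.
FIXED = "Options -indexes\nDirectoryIndex ABC_Main.shtml index.php\n"
# Constructed site layout: URL paths that exist under the document root.
SITE_FILES = {"/ABC_Main.shtml", "/blog/index.php", "/blog/wp-admin/index.php"}


def directory_index_candidates(htaccess_text):
    """Collect DirectoryIndex values in file order; repeated directives append."""
    candidates = []
    for raw in htaccess_text.splitlines():
        parts = raw.strip().split()
        if parts and parts[0].lower() == "directoryindex":
            candidates.extend(parts[1:])
    return candidates


def resolve_directory_request(request_dir, candidates, site_files):
    """Return the resource served for a request that ends in '/'."""
    for name in candidates:
        # Leading slash: URL from the document root. Otherwise the name is
        # looked up inside the requested directory.
        target = name if name.startswith("/") else posixpath.join(request_dir, name)
        if target in site_files:
            return target      # first existing candidate wins
    return None


def audit(htaccess_text, site_files, dirs):
    """Map each requested directory to the index resource it would serve."""
    candidates = directory_index_candidates(htaccess_text)
    return {d: resolve_directory_request(d, candidates, site_files) for d in dirs}


if __name__ == "__main__":
    for label, text in (("quoted", HTACCESS), ("fixed", FIXED)):
        for d, served in audit(text, SITE_FILES, ["/", "/blog/", "/blog/wp-admin/"]).items():
            print(f"{label:7} {d:18} -> {served}")
```

With the quoted directives, a request for `/blog/wp-admin/` resolves to `/blog/index.php`, which matches the behaviour reported in post 3; the third directive is never reached.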

Topic Closed

This topic has been closed to new replies.
