Forums

WordPress › Support » How-To and Troubleshooting

12

WordPress Hacked and Redirected ... Again (59 posts)

  1. Bob Smith
    Member
    Posted 4 years ago #

    Last week I got hit with this:

    http://wordpress.org/support/topic/179702?replies=8

    I upgraded WP to the latest version and restored backups and the problem seems fixed.

    Yesterday now when I click on my sites via Google I get redirected to http://anyresults.net

    Anyone have any ideas on how this happened again or any solutions?

    I wonder if it is problem with my host - Dreamhost - as blog I have with other companies are not affected. If anyone else is afected by this I am curious to know what host you are using.

  2. alexex622
    Member
    Posted 4 years ago #

    Hi bob, i also got redirected when i click my site from google. I didnt upgrade my WP blog eve since.... I wonder who owns this that anyresults.net .. I hope my site is not getting hacked :(. Im on server century. whats yours?

  3. Bob Smith
    Member
    Posted 4 years ago #

    i am on bourbon.

    i am going to try this solution.

    http://www.magpiebrain.com/blog/2008/06/01/wordpress-site-hacked/

    do anyone know how to find wp_options? i am a n00b at this database stuff : )

  4. carzine101
    Member
    Posted 4 years ago #

    Yep! I'm in Yahoo hosting and I just discovered yesterday that my site http://www.CoolBrit.net also redirects sometimes in Google. The bigger worry is that Google seems to be tossing out sites that get redirected to anyresults.net. I'm not sure if I'm still in Google. When I type CoolBrit.net my site isn't listed but when I type in Coolbrit it is still listed. Weird.
    I delayed the upgrade too. Do I just need to upgrade? Will this fix it all automatically?

  5. moshu
    Member
    Posted 4 years ago #

    wp_options, usually should be in your database

  6. Bob Smith
    Member
    Posted 4 years ago #

    i think i found it. but have zero idea on how to edit this : (

  7. carzine101
    Member
    Posted 4 years ago #

    I have no clue how to fix this. I don't think I ever created a backup. I guess wait for a manual fix to pop up on here, then try that. Interesting with Yahoo hosting I was prompted to upgrade but I guess it was a separate WordPress upgrade because Yahoo Hosting upgrades automatically. Meaning I would have to manually install the new version. So I don't think Yahoo has the latest version all the time. So some delay in keeping up to date with the latest version I guess.
    My redirect seems to be random - Every 10-12 visits searched on Google I think.

  8. Bob Smith
    Member
    Posted 4 years ago #

    i gave up. no one in the wordpress community cares about helping someone hacked by their buggy shit cms. i used to love them, but now i know why so many experienced webmasters think wp is shit.

  9. Bob Smith
    Member
    Posted 4 years ago #

    i got hacked with the latest version. so the comments of "you should have updated" are worthless. there are serious issues that are making some hacker fuck massive $$$. i'm sure thousands of blogs are making some asshole thousands in ppc income.

    don't wait for a easy solution. it isn't going to be coming from the "community"

    "wisdom of the crowd" my ass.

  10. ClaytonJames
    Member
    Posted 4 years ago #

    i gave up. no one in the wordpress community cares about helping someone hacked by their buggy shit cms. i used to love them, but now i know why so many experienced webmasters think wp is shit...
    ...so the comments of "you should have updated" are worthless. there are serious issues that are making some hacker...

    Bullshit.

    ahem... let me clear my throat. BULLSHIT. There, that's better.

    Your prior pleas for commiseration due to n00b-dom-ness ('yup, I just made that word up,) bring into question your qualifications regarding the regurgitation of such unenlightened statements.

    But I hope you sort it out ok. Being hacked sucks big time.

    Be well. Cj.

  11. Bob Smith
    Member
    Posted 4 years ago #

    any solutions sir?

  12. Bob Smith
    Member
    Posted 4 years ago #

    i've been talking with people who have used every solution put forward in this forum - and it hasn't resolved anything? solutions please?

  13. carzine101
    Member
    Posted 4 years ago #

    I have to mostly agree with Bob regarding this bug. The scary part is that Google might kick out sites that have this. Then what? We're dead in the water. I just found out that my other three sites have this too.
    I spent a couple of hours on the phone with my hosting company and we couldn't figure it out based on the explanation given on that other hack redirect solution.
    It looks like your right Bob about it hitting version 2.5.1 - Others are starting to get this too.

    http://www.askdamagex.com/t27457-wp-google-redirect-hack-is-back.html
    http://forums.digitalpoint.com/showthread.php?s=a910a8c6d69d8b455a43a32027e2638d&t=872446

  14. andre3
    Member
    Posted 4 years ago #

    While waiting for wordpress guys to fix this I did what I could, and this is what I figured out:

    This hack backdoors a random plugin (any of whichever plugins you have activated). You can switch your plugins off one by one, and test to see if the hack is still active. When you hit the right plugin, the site should be back to normal and the hack gone (for now). You are still vulnerable and it's very likely that they will hack you again. But for the time being you are OK. Just replace that plugin with a fresh copy and you can use it again.

    If you can't be bothered by looking for the right plugin, just overwrite your entire plugin folder with a saved plugin-folder containing all OK plugins.

    I can't wait to hear where wordpress went wrong to allow this to happen.

    I emailed the anyresults.net hosting company and domain registrar. The guy should soon have to start all over with a new domain. While we wait for the wordpress guys to fix this, you can call/email/fax the guys ISP and domain registrar, reporting this.

    From what I figured out, his ISP is ISPrime (isprime.com) and his domain registrar is publicdomainregistry.com

    Best Regards,
    Andre

  15. Bob Smith
    Member
    Posted 4 years ago #

    i just deleted all my plugins but issue still seems to be there unfortunately.

    yeah i reported him to publicdomainregistry.com and also helps to report him to the adult companies the redirect goes to sometimes.

  16. andre3
    Member
    Posted 4 years ago #

    I have a folder with untampered plugins (I use the same plugins on many blogs, so I found one that's not been tampered with). I then go to hacked wordpress wp-content/plugins/ and delete everything in the folder. Then I copy the untampered plugin folder's content in, and it all works fine. I don't even have to re-enable the plugins, because it's like they were never gone.

  17. whooami
    Member
    Posted 4 years ago #

    Hey "Bob"

    Your first post indicates your site was compromised before. Kudos for upgrading, but if you didnt clean out the hack -- youre just getting re-exploited.

    How about enlisting some outside assistance to look at your site and files? Im willing to do so, and can probably make some helpful general recommendations as well.

    email me at whoo at whoo.org if you want some help.

  18. andre3
    Member
    Posted 4 years ago #

    You would think that there would be patch/fix publicly available by now. Surely wordpress people must care what happens to their platform?

  19. Bob Smith
    Member
    Posted 4 years ago #

    just noticed another sites of my was hacked with this. a site on another server. site had the current version of wp installed. this is nuts.

  20. VRocKs
    Member
    Posted 4 years ago #

    Ohh.. It happens to all versions. This is a zero day never before seen exploit.

    This means people have been able to do this for years but didn't because having it was more important than using it. Some Russian douche got a hole of it and decided to redirect and get PPC money. I am sure he is making a minimum of $20K a day. Would be real nice if his account was frozen and he got none of the money.

  21. macsoft3
    Member
    Posted 4 years ago #

    In case anyone were interested, the website at anyresults.net is hosted by a web hosting company called ISPrime (www.isprime.com).

  22. tijja
    Member
    Posted 4 years ago #

    As far as a fix goes I tried everything that has been suggested and the problem remained. The I started replacing files to the original WP version (2.5.1 for the record) one folder at a time. For me the issue was in the main WP folder (where the index is)...once I replaced those the hack was gone.

  23. Bob Smith
    Member
    Posted 4 years ago #

    the domain registrar just told me they would do nothing without a court order : (

  24. Bob Smith
    Member
    Posted 4 years ago #

    i will try that tijja.

  25. jonimueller
    Member
    Posted 4 years ago #

    i gave up. no one in the wordpress community cares about helping someone hacked by their buggy shit cms. i used to love them, but now i know why so many experienced webmasters think wp is shit.

    Experienced web masters, huh? You sure about that? Experienced web masters know to upgrade immediately. Experienced web masters know how to access PHPMyAdmin and edit their database tables manually. Experienced web masters understand that a shared hosting environment is a breeding ground for hackery, as you are only as secure as the most UNSECURE guy sharing your server space.

    And the domain registrar is NOT the place to seek a takedown order. You go after the guy's ISP/web host. Not his registrar. What keeps him from setting up another domain somewhere else? You get him where it hurts by shutting his site down. Even if only temporarily. And you do that through his web host and no web host worth his salt would tolerate such hackery from any of its customers. (But an experienced web master would already know this.)

    I hope for your sake that you get it figured out.

  26. whooami
    Member
    Posted 4 years ago #

    honestly, the banter doesnt help. if there is an issue with 2.5.1 and it appears there *might* be -- complaining about 'it' here, while therapeutic, doesn't do anything except make more posts that dont lead to any resolution.

    You zip up your Apache logs, you zip up your files, and you send the stuff off to security@wordpress.org -- then you complain here :)

    Shit happens, it's an imperfect world -- and like it or not, the popularity of WP makes it one of the biggest targets on the web.

    (I cannot believe Im a voice of reason, and not ripping new assholes.) :)

  27. whooami
    Member
    Posted 4 years ago #

    On a side note, I am SOOOOOOOOOOOOOOOOOO happy I nullroute the 53000 or so IPs that I dont like, I cannot even comprehend having to be back on any kind of shared hosting environment where I was at the mercy of someone else.

  28. jonimueller
    Member
    Posted 4 years ago #

    I cannot believe it either. Maybe, like me, you just need some more caffeine? :D

  29. whooami
    Member
    Posted 4 years ago #

    Ive got my second 24-ouncer waiting for me in the kitchen.

  30. ClaytonJames
    Member
    Posted 4 years ago #

    (I cannot believe Im a voice of reason, and not ripping new assholes.) :)

    I thought I felt a shift in the force this morning!

    I hope you all have a great weekend!!

    :-)

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.