WordPress.org

Ready to get started?Download WordPress

Forums

WordPress Hacked Help: wp-xmlrpc.pho/wp-blog-header.php (9 posts)

  1. techmuse
    Member
    Posted 4 years ago #

    Hey, Everyone!

    Need some help to say the least...

    My WP site has been hacked and keeps inserting hidden links after the body tag in the wp-blog-header.php. Google is threatening to take the site out of their index due to breaking their Webmaster rules.

    Here is what the host provides for me to look at, but they are not offering any help with what I should do about it.

    public_html/wp-content/cache.php: HG-MYSQL.rst.void.ru.MySQL.shell.Fragment.AA.UNOFFICIAL FOUND
    /home/bizem09/public_html/wp-xmlrpc.php: HG-MYSQL.rst.void.ru.MySQL.shell.Fragment.AA.UNOFFICIAL FOUND

    There is no cache.php in the wp-content folder and there is no wp-xmlrpc.php /anywhere/ on the server let alone where they claim past backups point to as noted above.

    I keep modifying the wp-blog-header.php and the junk links keep coming back. My passwords have been changed on a regular basis, my permissions are correct (644) and I am at a loss as to where to look or what to do to remedy this.

    Has anyone run into this -- can you point me in the right direction? The gods at Google are giving me time to resolve this and the site in question has #1 rankings that I would really like to avoid not loosing.

    TIA for any support or advise you can offer!

  2. unitcircle
    Member
    Posted 4 years ago #

    I'm having EXACTLY the same problem. The first time, someone had been able to create bogus user accounts. I deleted the accounts and changed my admin password, but since then someone has inserted hundreds of invisible links in my header.php and footer.php

  3. iridiax
    Member
    Posted 4 years ago #

  4. techmuse
    Member
    Posted 4 years ago #

    Thanks for the link -- I've bookmarked that one!

    Turns out it was a PHP shell named wp-xmlrpc.php that had to be deleted and the shell script added back to the account. That's how the host explained it. They also confirmed it had nothing to do with the database.

    Let's see how long it takes Google to get the site back in the index after having to grovel....

  5. talgalili
    Member
    Posted 4 years ago #

    techmuse, I believe you just saved me !

    I have been having this damn hole in my server for I don't know for how long, without being able to find it.

    I just found this "wp-xmlrpc.php" in my home directory and removed it.

    Thank you very very much !

    Tal

  6. llworldtour
    Member
    Posted 4 years ago #

    I am having the exact same problem. I have hidden spam links (viagra, etc) inserted into my header.php. I delete them and then they return. I also deleted all these fake users from my servers list and changed my name/password. Now what? Help!
    Techmuse--how do you insert this new wp-xmlrpc.php file/script into the acct??

  7. talgalili
    Member
    Posted 4 years ago #

    llworldtour
    You don't insert it, you need to find the file and delete it. Some hacker injected it into your host...

  8. controlzed
    Member
    Posted 4 years ago #

    I'm having the same issue, but can't see a file called wp-xmlrpc on my site anywhere, or any files that look out of place. I did a search, made sure hidden files were turned on, all that stuff.

    I tried to wipe WP and do a fresh install on a new database, but even on the configuration screen before installing wordpress there were some dodgy links in the header!

    this is driving me nuts, it took me ages to figure out this is waht was causing my site to crash, if anyone can help i would be REALLY happy!

  9. talgalili
    Member
    Posted 4 years ago #

    The problem with reinstalling wordpress in the usual way is that it will not erase newly formed files.

    Consider trying backing up all the files.
    Then erasing ALL of them from the server.

    Then uploading a fresh installation. (with the correct wp-config)

    And see if that resolves it.

    Please let us know how it went.

    Tal

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.