WordPress.org

Ready to get started?Download WordPress

Forums

WordPress Website has been hacked? (4 posts)

  1. DesignLoud
    Member
    Posted 2 years ago #

    Hello all, I have a major issue with a clients WordPress website and I cannot seem to pin point where the problem is stemming from. The website is built on the Gazzette Theme from WooThemes, and there are only a few necessary plugins activated.

    The problem is when you Google the business name, then it shows the name of the site and links to all the appropriate pages but somehow someone has gone in and changed the meta info to read stuff like 'BUY VIAGRA NOW FOR SUPER CHEAP' and various other nonsense. Since the business is a local health food store this is not good at all.

    How is someone able to change this info? I have looked in the All in One SEO Plugin files and Theme files but I cannot find this stuff anywhere.

    How can someone add meta to pretty much every page on the site without it being in the header, footer, functions files or anywhere in the SEO plugin and why now Google is saying the site has been compromised. Is there somewhere I am not looking or something I didn't do, has someone made edits to WordPress core files?

    Thanks for any and all help I can receive on this.. This is a first timer for me..

  2. michael.mariart
    Member
    Posted 2 years ago #

    Without the URL it's hard to say a definiative "yes" or "no", but from what you've said so far, I'd just about guarantee that yes, your site has been hacked.

    From esmi...

    You need to start working your way through all of these resources:
    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

    Additional Resources:
    http://sitecheck.sucuri.net/scanner/
    http://www.unmaskparasites.com/
    http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

    One BIG thing to look for is... does your theme use the TimThumb script anywhere? if it does I'd be 99% sure that's the cause of the problems. All of the WP sites that I've had hacked have had it happen due ot that script. To stop it happening I had ot og through, dleete that file, and change the references to it in the theme. This can take a lot of work, and if you don't know what you're doing it won't be easy. I'd suggest getting onto WooThemes, telling them that the theme has allowed your site to be hacked and you want some support from them.

  3. DesignLoud
    Member
    Posted 2 years ago #

    Thanks Michael, I just checked and your right, I see the timthumb script in the theme files. I guess at this point I need to remove that and remove the calls to that script or if I get stuck I will get in touch with woo themes. Thanks for your help!

  4. DesignLoud
    Member
    Posted 2 years ago #

    Wow, I have been at this all day and it has turned up alot of crazy stuff. So what I have is the 'Pharma Hack' but so far from what I've noticed is that it is only in the theme files, I have checked the core files and plugins and also the databases and I cant find anything else, but I just fetched as Google bot in webmaster tools and I see what Google fetched and it is still there.. Any more suggestions?

Topic Closed

This topic has been closed to new replies.

About this Topic