SQL injection/wordpress hacked | WordPress.org

tyrspawn
(@tyrspawn)

15 years ago

In the middle of the night I noticed that my website was re-directing to somewhere, although it never loaded any other pages, it would just stall indefinitely. I found this injected into my index.php:

http://pastebin.com/e9mXJZRh

Removing the injection fixes my website, but it seems to return every night at around 3 AM eastern. I would love some help tracking it down. I tried to search for parts of that in phpmyadmin, but I have never dealt with anything like this before and don’t really know what to search for, or what to do. Please help.

Oh and I know plugins might be related to this. I am/was running:

Akismet
Twitter Tools 2.4
WordPress Database Backup

The wordpress database backup randomly stopped working awhile back, so something might be broken with it. Regardless, I disabled that plugin now. I doubt Akismet or Twitter Tools are causing a problem, but i’m open to your ideas.

Viewing 2 replies - 1 through 2 (of 2 total)

Moderator keesiemeijer
(@keesiemeijer)

15 years ago

http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

Thread Starter tyrspawn
(@tyrspawn)

15 years ago

I changed my wordpress login/password, sql password and admin password for my website. Today I found a new injection, my DB is apparently still compromised (I assume it’s my DB at least).

http://pastebin.com/Qs066QGJ

Some more details:

The injection is a re-direct which keeps attempting to re-direct to BRUTERGASED.INFO

The injection is a trojan, redirme-inf. That’s what avast anti virus is picking up. I would appreciate help…

I deleted the store of all my spam comments, so I don’t think its hiding in a comment somewhere. I’m not sure where else it would, or what to search for. I have phpmyadmin and can do search queries, but have no idea what it would look like. I tried searching for eval and lave as per one of those thinks, and some other keywords, but was unable to find anything .

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘SQL injection/wordpress hacked’ is closed to new replies.

Tags

sql injection

In: Fixing WordPress
2 replies
2 participants
Last reply from: tyrspawn
Last activity: 15 years ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics