Fixing my hacked blog

  • Resolved kwdavids

    (@kwdavids)


    11 years ago

    I’m running a tiny vanilla blog with WordPress 4.2.2 and the Twenty Ten theme.

    The blog, http://status.obamaconspiracy.org, has a tag line set that ends in: “Theories web site.” It looks normal with Firefox and Chrome, but when viewed with Safari or Internet Explorer (see below), there was additional obscene text and a hyperlink.

    Things I tried:

    1. Reinstalling WordPress 4.2.2. No change.
    2. Disabling all plug-ins. No change. (The only plug-ins I had active were Use Google Libraries and Link Manager).
    3. Downloading the entire site and searching for the offending text. Not found.
    4. Switching to another theme (Twenty Thirteen). All offending text went away on all browsers.
    5) Switching back to Twenty Ten. Offending text in Internet Explorer stopped, but Safari started showing it again.

    There is no caching on this web site.

    I can trash the site and start over, but I’d like to understand what’s going on first.

Viewing 4 replies - 1 through 4 (of 4 total)
  • wslade

    (@wslade)

    11 years ago

    I am sorry to hear your site is damaged. Do you or your hosting company have a full backup of your site? The fastest and most sure way to repair your site is to restore from a backup made before the hack.

    Without a backup your only permanent solution is to repair the site. Follow this guide.

    When you’re done, you may want to implement some (if not all) of the recommended security measures.

    Thread Starter kwdavids

    (@kwdavids)

    11 years ago

    Basically it is a one-page site, so I can just trash it and put the page back.

    I did find the bad spot. It was an addition to functions.php in the Twenty Ten theme directory. That means the hack had to have been done after April 24, 2015, when the Twenty Ten theme was last updated.

    I’ll follow up on your site hardening links. Thanks.

    wslade

    (@wslade)

    11 years ago

    If you don’t want to rebuild the page you can export it and import it in the new installation. Exporting shouldn’t pass any malware if it exists.

    I would be a good idea to delete everything versus copying new over the existing files. I would start with a new database too. Don’t forget about any images you may have in uploads.

    Thread Starter kwdavids

    (@kwdavids)

    11 years ago

    I hear ya. There were all sorts of little nasties scattered around in extra files, including an .htaccess file that made scripts in the includes/images directory executable.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Fixing my hacked blog’ is closed to new replies.