WordPress.org

Forums

[resolved] Why Are wordpress teams not solving this ? Biggest WordPress Loop hole.......... (4 posts)

  1. Saif Ullah
    Member
    Posted 3 years ago #

    I m figthing with this virus from last month.
    and it automatically adds a javascript to my index files at my hosting......
    i have done every thing, scannng, re installation of my all files, changed pswds etc..... all what ever i could do even i have installed my windows again....
    still it automatically replicated and injects a javascript code redirecting my website to anothr website the same of which i am sending u......
    i m tired from this virus.............. now [:(] ....
    if possible......
    kindly review this and tell me the best solution.
    i have even tried many solutions for this virus. :(( which is actually a malware...... i tried this solution too :((. but nothing beneficial..

    this is the script which is continously adds itself to start of my index files...

    [Code moderated. Please do not post hack code blocks in the forums. Please use the pastebin]

    http://www.ryan-isra.net/howto-fix-malicious-javascript-suspected-variant-gumblar-virus/

    [no bumping please]

  2. esmi
    Forum Moderator
    Posted 3 years ago #

    This isn't a WordPress core issue, per se. The hacker could have gained entry from anywhere on the server. And that fact that he keeps getting back in proves that the hack wasn't cleared out properly on previous occasions. Either that or you are using a seriously insecure server. Have you discussed this possibility with your hosts?

    In the meantime, see:
    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

    And, yes, you need to read and follow the instructions in all of them.

  3. smartobject2
    Member
    Posted 3 years ago #

    Especially read and do the part that advises removal of _everything_ on your site. You don't have to physically delete it, just take an FTP application and "move" your site root files and dirs away to a new directory like "oldsiteJKL"
    Then apply the other security advice in the articles as you re-install WordPress and for the images you copy them back as needed.

    If you dont remove everything, then you are just leaving the hacker's back door untouched - that's why it happens again.

    But do delete the oldsite files once your up and running.

    Cheers,
    let us know how it goes.

  4. esmi
    Forum Moderator
    Posted 3 years ago #

    And do contact your hosts about this - just in case they want to run checks as their end.

Topic Closed

This topic has been closed to new replies.

About this Topic