My WordPress was hacked

JustGav
(@justgav)

12 years, 10 months ago

Hi,

I’m sure I’m not alone in expiring this hack at the moment, news on it seems rather scarce.

Suffice to say it injects some code into the php files all over the place. This code is encoded but a few have already managed to decode it.

http://www.justbeck.com/zend_framework-wordpress-hacks/

I’m running a clean up script which looks for the infected files and removes the code, but the attack vector still seems scarce…

Gav

Viewing 6 replies - 1 through 6 (of 6 total)

Thread Starter JustGav
(@justgav)

12 years, 10 months ago

Code snippet of what to look for

[Please do not post hacked code here]

Thread Starter JustGav
(@justgav)

12 years, 10 months ago

My apologies, it wasn’t actually a full chunk, but is it okay to put..

[ Also redacted, really don’t post any of that here ]

Moderator Jan Dembowski
(@jdembowski)

Forum Moderator and Brute Squad

12 years, 10 months ago

This conversation keeps coming up. 😉

Don’t post any malware or hacked code here, snippet or otherwise. It doesn’t help anyone to do that and it’s just a Really Bad Idea™ to encourage that.

Suffice to say it injects some code into the php files all over the place.

Decoding that is not the problem you have to solve. The problem is that your WordPress installation was compromised and needs to be deloused.

You need to start working your way through these resources:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

Anything less will probably result in the hacker walking straight back into your site again.

Additional Resources:
Hardening WordPress
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

Thread Starter JustGav
(@justgav)

12 years, 10 months ago

Muchly appreciated, will read 🙂

Yeah, the clean up begins, will report back any findings

tracysurf
(@tracysurf)

12 years, 10 months ago

I had the same problem. JustBeck.com as a good article on this with some scripts to help fix: http://www.justbeck.com/zend_framework-wordpress-hacks/

Comments on that post is informative and it appears this malware can come back if the cause isn’t diagnosed.

daanz
(@daanz)

12 years, 9 months ago

Hey all, one of my 3.5.1 sites got hacked with this zend framework thing. I removed the malicious code and updated to 3.5.2, updated all plugins, changed passwords – the works.

Things are almost back to normal, but some little things are missing – links, data. So how do I know if I caught all the malicious code? And how dit it get there in the first place?

Could WP be a bit more informative about this hack? Was WP hacked, was is a certain plugin, where a lot of people attacked by brute force..? Had the 3.5.2 update anything to do with this hack?

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘My WordPress was hacked’ is closed to new replies.

My WordPress was hacked

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics