Thread Starter
dblast
(@dblast)
It seemed it was in the header, I renamed the old header and uploaded a backup. Anyone know how someone got in and changed my header?
I could not even view the header.php my control panel would not let me view it.
I’m a little nervous it may be in other files or my blog is open to other attacks of these types.
Thread Starter
dblast
(@dblast)
This is the jerk that Hacked my site;
makilovitalcamader@gmail.com
He somehow made a user name adminsta which got by me and I actually logged in many times under it and made various posts and pages.
I changed all the pages authored by adminsta to another name then deleted everyone from my members area including adminsta and all the posts and comments associated.
I looked in the header found code there and deleted it and uploaded a back up header.php then I found code on the latest post and deleted the post as well.
Am I missing anything? Is there more I can do (please remember I am a rank newbie so my worpress expertise is limited.)
Moderator
James Huff
(@macmanx)
Volunteer Moderator
Thread Starter
dblast
(@dblast)
As much of them as I could.
1-Changed passwords
2-Deleted all users
3-Attributed the posts to a new user and looked at all the html.
4-Uploaded a fresh header and style.css
5-Thankfully my webprovider helped me just upgrade to the latest version of wordpress.
That’s it so far. However I am noticing I am getting spam in my most most recent post in the comments even though I have comments disabled.
Moderator
James Huff
(@macmanx)
Volunteer Moderator
Are you using the latest version of WordPress now (currently 2.9.2)?
Thread Starter
dblast
(@dblast)
I was not but I upgraded after the above steps 1-4.
Moderator
James Huff
(@macmanx)
Volunteer Moderator
Do you remember what version of WordPress you were running before this? Are you still having spam troubles on posts with disabled comments? And, are you using any anti-spam plugins, like Akismet?
Thread Starter
dblast
(@dblast)
2.8
I changed the name of the comments.php and since then have not gotten any spam. Akismet was catching it but every few minutes after deleting I would get more. So I dropped the comments.php and I deleted all members so there are just the admin (me) and me. I’m watching to see if there is any other weird activity since upgrading.
Moderator
James Huff
(@macmanx)
Volunteer Moderator
Oh, so Akismet was catching the spam? That’s a good thing, and probably normal. Changing the name of comments.php is a great way to prevent automated spam, but it will probably break the next time you do an automatic update.
Thread Starter
dblast
(@dblast)
O.K Now I was trying to save a page and I got a weird error indicating a header2.php. I thought that was suspicious so I tried to view the php and it said I could not. So I deleted it and the strange code went away.
My question is how is this happening could there be code injected somewhere in the site. I mean if I’m the only user how are they creating a header2.php?
website;
http://www.warrior-scholar.com/blog
Thread Starter
dblast
(@dblast)
Maybe header2.php was there already and I missed it and it got corrupted? Is there a headeer2.php with the basic install? I am suspicious since the last hack attack so I err on the safe side.
