Got Hacked need help!
-
Some jerk Hacked my wordpress and now drug links appear at the top of certain posts;
http://www.warrior-scholar.com/blog/?cat=3
What do I need to do?
Please help.
Dan
-
It seemed it was in the header, I renamed the old header and uploaded a backup. Anyone know how someone got in and changed my header?
I could not even view the header.php my control panel would not let me view it.
I’m a little nervous it may be in other files or my blog is open to other attacks of these types.
This is the jerk that Hacked my site;
makilovitalcamader@gmail.comHe somehow made a user name adminsta which got by me and I actually logged in many times under it and made various posts and pages.
I changed all the pages authored by adminsta to another name then deleted everyone from my members area including adminsta and all the posts and comments associated.
I looked in the header found code there and deleted it and uploaded a back up header.php then I found code on the latest post and deleted the post as well.
Am I missing anything? Is there more I can do (please remember I am a rank newbie so my worpress expertise is limited.)
Did you follow the steps here?
As much of them as I could.
1-Changed passwords
2-Deleted all users
3-Attributed the posts to a new user and looked at all the html.
4-Uploaded a fresh header and style.css
5-Thankfully my webprovider helped me just upgrade to the latest version of wordpress.That’s it so far. However I am noticing I am getting spam in my most most recent post in the comments even though I have comments disabled.
Are you using the latest version of WordPress now (currently 2.9.2)?
I was not but I upgraded after the above steps 1-4.
Do you remember what version of WordPress you were running before this? Are you still having spam troubles on posts with disabled comments? And, are you using any anti-spam plugins, like Akismet?
2.8
I changed the name of the comments.php and since then have not gotten any spam. Akismet was catching it but every few minutes after deleting I would get more. So I dropped the comments.php and I deleted all members so there are just the admin (me) and me. I’m watching to see if there is any other weird activity since upgrading.
Oh, so Akismet was catching the spam? That’s a good thing, and probably normal. Changing the name of comments.php is a great way to prevent automated spam, but it will probably break the next time you do an automatic update.
O.K Now I was trying to save a page and I got a weird error indicating a header2.php. I thought that was suspicious so I tried to view the php and it said I could not. So I deleted it and the strange code went away.
My question is how is this happening could there be code injected somewhere in the site. I mean if I’m the only user how are they creating a header2.php?
website;
http://www.warrior-scholar.com/blogMaybe header2.php was there already and I missed it and it got corrupted? Is there a headeer2.php with the basic install? I am suspicious since the last hack attack so I err on the safe side.
- The topic ‘Got Hacked need help!’ is closed to new replies.