Hacked…

  • Razvan92

    (@razvan92)


    11 years, 4 months ago

    Hi, I have a strange problem… I don’t understand how someone could inject in my website an adfly code in footer or header. He don’t know ftp password or cpanel password.
    I delete this cod but he appear in 1-2 minutes.
    I exported my posts, I create a new database and a new instalation of wordpress and I imported the posts.
    But after a few time the code apperats again.
    Please help me and sorry for my language. 😀
    Thanks.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Rab

    (@rab-rrdev)

    11 years, 4 months ago

    Here’s a few resources you’ll find useful for a hacked site,

    1. WordPress Codex Hacked FAQ
    2. WordPress Codex Hardening WordPress
    3. Smackdown Blog: How To Completely Clean Your Hacked WordPress Installation
    4. Otto’s Blog: How to find a backdoor in a hacked WordPress
    5. Sitecheck’s Securi Scanner
    6. Unmask Parasites’s Scanner

    Thread Starter Razvan92

    (@razvan92)

    11 years, 4 months ago

    Thank you, but what’s the explication? Only this domain is affected and the subdomain. I have another two sites on server and are not affected.

    Rab

    (@rab-rrdev)

    11 years, 4 months ago

    It could be any number of things, without analysing logs, symptoms, permissions etc you’re not going to find the route of the problem. Your web hosts may be able to assist.

    Thread Starter Razvan92

    (@razvan92)

    11 years, 4 months ago

    In error logs I have this:

    [13-Dec-2012 02:42:19] PHP Warning:  preg_match() expects parameter 2 to be string, array given in /home/xxxxxxxxx/public_html/site.com/wp-content/plugins/wordfence/lib/wfDB.php on line 146
[13-Dec-2012 02:42:19] PHP Warning:  mysql_real_escape_string() expects parameter 1 to be string, array given in /home/xxxxxxx/public_html/site.com/wp-content/plugins/wordfence/lib/wfDB.php on line 149

[12-Dec-2012 17:14:49] WordPress database error MySQL server has gone away for query SELECT ID, post_content, meta_id FROM x_posts, x_postmeta WHERE x_posts.ID = x_postmeta.post_id AND x_postmeta.meta_key = '_pingme' LIMIT 1 made by do_action_ref_array, call_user_func_array, do_all_pings
[12-Dec-2012 17:14:49] WordPress database error MySQL server has gone away for query SELECT ID, post_content, meta_id FROM x_posts, x_postmeta WHERE x_posts.ID = x_postmeta.post_id AND x_postmeta.meta_key = '_encloseme' LIMIT 1 made by do_action_ref_array, call_user_func_array, do_all_pings
[12-Dec-2012 17:14:49] WordPress database error MySQL server has gone away for query SELECT ID FROM x_posts WHERE to_ping <> '' AND post_status = 'publish' made by do_action_ref_array, call_user_func_array, do_all_pings
[12-Dec-2012 17:14:55] WordPress database error MySQL server has gone away for query SELECT option_value FROM x_options WHERE option_name = '_transient_doing_cron' LIMIT 1 made by _get_cron_lock
[12-Dec-2012 20:54:51] PHP Warning:  preg_match() expects parameter 2 to be string, array given in /home/xxxxxxx/public_html/site.com/wp-content/plugins/wordfence/lib/wfDB.php on line 146

    I deleted this plugin before been hacked.

    Thread Starter Razvan92

    (@razvan92)

    11 years, 4 months ago

    And this in themes:

    [14-Dec-2012 13:46:04] PHP Fatal error:  Call to undefined function  get_option() in /home/wwwwww/public_html/site.com/wp-content/themes/tema/header.php on line 5
[21-Dec-2012 18:52:43] PHP Fatal error:  Call to undefined function  get_option() in /home/wwwwww/public_html/site.com/wp-content/themes/tema/index.php on line 3
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Hacked…’ is closed to new replies.