Support » Fixing WordPress » Hacked admin. Please help

  • Hi all,
    I’ve taken over the administration of a wordpress web site, which was both using an old version of wordpress, and very vulnerable to attacks.

    I quickly upgraded the wordpress version, but apparently the bad had been done because the site was already subject to several backdoor attacks, and there were some devious things in the .htaccess as well.

    I installed a malware (Anti-Malware by Eli) and sure enough, it found a bunch of corrupted files (as it turned out, non-chrome users were redirected to a porn website when coming from google searches) and corrected everything.

    Now I’m back with a whole new problem, however because whenever I go on the website while I’m logged in as an admin (any page, and also from the dashboard) I get an authentication request for some luedolph.de server which has nothing to do with my host. This only happens if I’m logged in, though. So a random user would not experience this issue.

    I’m trying to locate this, but the anti-malware doesn’t find anything, and I don’t find anything spooky in the wp_config table in my DB (but perhaps I’m not looking in the right place). I also tried a text-based search for luedolph.de in my files, but to no avail.

    Any idea where I could start looking? I’ve made my best to shut down the vulnerabilities with my limited knowledge of wordpress security issues. I changed the key salt in wp_config.php, protected .htaccess, and wp_content. But other than that I’m nothing like a security wiz.

    Thanks in advance

Viewing 8 replies - 1 through 8 (of 8 total)
Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Hacked admin. Please help’ is closed to new replies.