Please help!! I haven´t logged in in my blog for about 3 days. When I finally log in I see a red “warning” screan and it says that my blog may have been hacked or someone has put in some kind of virus in it. Everything in my design is upside down now. What can i do? The webpage that alerts me about this virus mentiones a link that made the problems. Please help I want my design to be ok again. Everithing was fine for about 2 days ago and now everything is upside down. My blog is http://www.beautybytanci.se
Have you looked over http://codex.wordpress.org/FAQ_My_site_was_hacked?
That has some good tips.
Are you using a shared host for your website? Or using a VPS/Dedicated server? If using a shared host the server your site on could have been compromised and that is how access to your site was gained.
It also could have been an outdated plugin that you were using that had a vulnerability or if you were using an outdated version of WordPress( latest is 3.3.1 ).
If you aren’t sure how to FTP into your server and going through code I’d recommending looking for a developer that can assist you with helping you fix your site.
Thank you for your quick reply. I have made a update and have 3,3,1.
I am not good at this blog or code things. I Only know how to post something and how to blog. But nothing about the codes.
I have made a scan and it says that this is the infection. http://www.j4v4.kit.net/java.js
I really dont understand how my blog can look good If I look at it with google chrome but when I look at it with explorer it is a mess. This is what I need help with. How do I restore it so it looks good. I haven´t touched ANYTHIGN in my codes so I haven´t made that mess.So that is why I think that this is strange that everything messes up like this:(.
a big thank you in advance.
You most likely can remove the infection by editing files in your theme that are including it. It’s hard to say where exactly the infection is located so you’d have to download your theme files and then run a search through them to find that particular filename.
It could have also been a plugin that was uploaded to your site by the hacker and inserts the infection into your theme so that even if you looked in your theme files you wouldn’t see it.
If you don’t have any experience with using FTP or if you don’t know much about PHP I would recommend looking for a developer to help assist you with your problem.
JarretC, how are the hackers uploading plugins to our website if it isn’t vulnerable in the first place?
When I was hacked, when I opened the index.php files, they looked normal in a text editor until I opened it in a raw text viewer.. then I saw the binary code at the top which google was translating.
Does WordPress have any other up to date methods of securing the site other than “change your password, update wordpress, maybe use SSL if you can get the server configured”?
install Theme authenticity checker. also i suggest review all your file and check modified date through ftp. Delete others theme which you are not using. I also suggest delete plugins which you are not using. Us e a backup tool to backup DB.
Thanks for your response! So the main way we are getting hacked is through Themes? I was hacked by a feature or an image resized INSIDE a theme. Is there some way to tell what themes will be modifying my secure install- such as, are theme plugins allowed to make directories writable?
I would think it would take a LONG time to navigate through all the directories to compare the dates to see if they have been modified recently. Is that what you do, or do you have an application to check modified dates? I’ve found external site services that offer the option to check my site for modifications but they cost more money than I am willing to spend.
MAybe this has not anything to do with my screwed up desing but maybe for a month i had new theme updates (twenty eleven, and some more). I haven´t made an update because I was afraid that every modification “design” will be deleted and back to square one.
What do you think? Can it be the reason why my blog lookes like that with internet explorer? Because I have not made the update? Or is it because of that “hacker” or infection http://www.j4v4.kit.net/java.js
that is mentioned on a “red warning page” when i try to enter my blog.
Will everything dissapar if I make update on my theme?
did you identified the plugin name? also i want to know which hosting you are using. do you have some other website on same hosting account?
So you have modified the actual Theme pages themselves?
Yes, I would think when the theme is updated your files would be overwritten. I may be incorrect and I’ll let others chime in. I didn’t see anything on the Theme Development page. It seems there is a Lesson in Customizing Template Files, but the anchor link just brings you to a general guide about modifying themes, but not a step by step lesson.
I strongly suggest all twenty eleven user to make a child theme and do modification. yes you may loose your customization if you did in theme code.
Take a local backup of your current theme so you can do the changes at new theme. or you can easily modify and use your current theme as child theme of latest twenty eleven. you only need to keep the file which you modified.
I haven´t identified anything by my self. Yesterday I tried to enter the front page of my blog (using internet explorer) and there was a red WARNING page that said that this link; http://www.j4v4.kit.net/java.js
was infecting my blog and that it was maybe a hacker or a bug that somebody planted in my blog. And it warned that this could harm other computers when they try to enter my blog. Also when I recieved this warning I tried to enter my blog with google chrome and everything looked god (the design). But then I tried again with Internet Explorer and it looked messy again.
This is not soo good because I Have about 15 000 readers/month. 🙁 and I hope that they wont get any infection from me.
I dont know anything about codes or designing (a friend made my design) I stayed up all night trying to find that code in my “blog codes” but didn´t find anything. I found a “pay for scan and cleaning” that is called Sucuri SiteCheck website and I did a scan for free and it also find that the same code was the trouble. http://www.j4v4.kit.net/java.js. It calls it for “malware”. And that I have to pay to have it removed. But it costs a loot.
Hi everyone. You are so nice for trying to help me. Big thanks in advance. No I havent done any modifications by my self because I´m a “dummie” when it comes to codes and desing. So I never change anything by myself in the codes. I only install plugins and update WordPress to 3,3,1. I haven´t made any “theme updates”. I have read about that you can make a modification in the “child themes” but I have no idea what they are. Really,,, i have nooo education in coding.
Now..i just want to make my blog look normal again. I´m sooo angry because I never touch anyhing in the codes and they get screwed up by them selfes.
Maybe it is that “hacker” thing that happened:S. I really don´t know. But the strange thing for me is that if my codes were screwed up…then my blog would look screwed up “everywhere”. But in google chrome it looks perfect. How can that be?
if you not made any changes i can suggest you can upgrade your theme.
DO you think that this is a very difficult thing to fix? My screwed up design? Do you have any clues why it looks bad with “internet explorer” but it looks normal with “google chrome”? If my codes were screwed up…wouldn´t it then look bad EVERYWHERE?? And not just with internet explorer?
People, start here. Read it carefully and follow all the links that this article gives (especially under read some good blog posts). Also read that carefully and try the suggestions.
There is no easy way to clean up. It is often easy to patch though. Just delete all files except wp-config.php and upload fresh copies. This might make things look good again, but if the hacker knows your password or you still use the badly coded plugin that was used in the first place, you’ll be hacked again in no time.
Clean up thoroughly, not rapidly! When you’re sure you’re clean again, read this:
- The topic ‘HACKER?’ is closed to new replies.