I am consistently getting hacked (5 posts)

  1. razivbazaz
    Posted 3 years ago #

    I installed wordpress for the blogging purpose . The url for my blog is restoret.net/blog. But last few days my site is being hacked consistently. Google has even listed the site search result as harmful. Going through the coding of theme ifeature, I found that there was some codes in the index.php file. it looks something like this.

    eval(base64_decode('[ Redacted, please do not post that here again ]'));

    I deleted it. and sent the site for review. But in few hrs of time it again came back. its been going on and on and on from last 5 days. I am exausted of any ideas now. My developer is also having no clue to this. But in other case if i log in to webmaster I could see diffrent malware being shown by wmt. Its something like this.

    [ Also redacted, please do not post malware here. Use pastebin.com if you must share that ]

    I tried to find this. But no successs. Please somebody help me. Its hampering the site repo.

  2. Your site is coming up clean per Sucuri but my Chrome just warned me not to visit your site.

    I deleted it. and sent the site for review. But in few hrs of time it again came back.

    That's the clearest indication that you are well and truly hacked. :( You need to delouse your WordPress installation as well as your web server.

    You need to start working your way through these resources:

    Additional Resources:

    Good luck.

  3. razivbazaz
    Posted 3 years ago #

    it doesnt look if there is any problem with my server . Because all other sites and my main site restoretdotnet is very much clear. Its just that this wordpress blog is getting hacked. And i had number of people having same problems but non had a proper response. Please help

  4. That is a proper response and this is a self-help support forum.

    From the link you've provided and the symptoms you've describe, as well as the fact that Google lists your site as laden with malware then I'm sorry but you are hacked.

    It's at least your WordPress installation but it's almost never limited to just that and could be your server as well.

    Either way, you or someone needs to delouse your installation. Those links can help instruct you on that process.

  5. bcworkz
    Posted 3 years ago #

    +1. You really need to follow the advice in Jan D's links. While you have found one instance of malware in WordPress, the fact it keeps coming back means either the hacker still has direct access to your site (you did change all your passwords right?) and/or other code still exists on your server that reinstates the offending code you found and have to keep deleting. While it appears to target WP, the reinstatement code could reside almost anywhere on your server.

    In addition, a copy of the malware is quite likely in your database as well. Such a hack can be extremely difficult to completely find and remove. If you really want your recovery effort to work for sure on the first attempt, you should completely wipe your server and database and restore from known clean backups. But before you do that, see the first FAQ link above for some things to do first.

Topic Closed

This topic has been closed to new replies.

About this Topic