Support » Installing WordPress » I think I’ve been hacked… again…

  • Well… I have no idea how to diagnose this since I don’t get any error. Basically, the site shows up for a split second and then goes all white (It works fine if you disable javascript). I had a similar problem in the past, but I deleted all my wordpress files (Except for images and wp-config) and did a clean install. That fixed it last time, but now this isn’t working. I have no idea what to do this time and I’m really pretty computer illiterate when it comes to this stuff.

    Anyway, here’s a link to my site. I’m not sure if it will do something bad.

    http://www.snakevsmongoose.info

Viewing 10 replies - 1 through 10 (of 10 total)
  • You do have a compromise or error of some sort. It does appear to be a javascript problem. It is being identified as a “javascript obfuscation” exploit.

    “Suspicious: Script outside of <HTML>…</HTML> block”

    dWfwltHZmY='';var jTL='';var jQF=390;var nXZZ="";var fAS="";var gUTT;var yUD=57338;var bLZI="bLZI";...

    I see it under the </html>… how do I get rid of it exactly? I’ve tried 2 clean installs already and have upgraded to the newest version.

    Wow. It kicks off my virus scanner.

    WARNING: ProxyAV has detected a virus/PUS in this
    file!

    I was going to ask “When you say ‘2 clean installs’ do you mean all new databases with all new content, or are you importing your old content?”

    But seeing that error makes me think it’s a SERVER hack, and has naught to do with WP.

    Remove WP completely from your server and put up a temp index page. See if that ‘works’ without buggering your source. If not, it’s the server and you need to call your server tech.

    When I say clean install I mean that I deleted all the wordpress files, but not the database.

    Try a clean database as well (don’t delete yours, just make a new one and use that).

    If that’s clean, then you’ve got bad in your DB and you’ll have to comb that for oddities 🙁

    Okay, I got the same problem with a new database.

    I did figure something out though. The error only comes in when you go to my homepage. If you visit the root directory (www.snakevsmongoose.info/blog) everything seems to work. Any idea why that might be?

    “Suspicious: Script outside of <HTML>…</HTML> block”

    I have seen such warning on non-WP site. It has nothing to do with WordPress.

    Talk to your host. I bet you are on share hosting.

    Ditto bottleneck’s advice. Your server’s been hacked, and it’s buggered. Contact your host ASAFP and get ’em to help you clean up.

    That script isn’t friendly. No one obfuscates that much for no reason. If you run FF you can see the source with this URL view-source:http://snakevsmongoose.info/ and never have to execute anything on the page. The script is at the bottom after the closing </html> tag.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘I think I’ve been hacked… again…’ is closed to new replies.