Support » Everything else WordPress » index.php hacked : all sorts of viagra/cialis links

  • Scanned the forums but didn’t see anyhting about this…

    Today, a client of mine called and said that his site was down. I was getting this error message:

    Parse error: syntax error, unexpected '<' in /home/ohdog02/public_html/index.php on line 5

    Upon opening index.php in the root, I see this:

    /* Short and sweet */
    define('WP_USE_THEMES', true);
    <div style="overflow:auto; visibility:hidden; height: 1px; "><a href="">cheapest generic cialis</a>|<a href="">cialis compare levitra cialis</a>|<a href="">cialis versus cialis</a>|<a href="">generic cialis</a>|<a href="">buy cheap generic cialis</a>|<a href="">cialis sales uk</a>|<a href="">buy cialis now</a>|<a href="">buy cialis online</a>|<a href="">cialis online</a>|<a href="">buy online order cialis</a><a href="">online cialis buy</a>|<a href="">buy cialis online</a>|<a href="">brand name cialis</a>|<a href="">levitra vs cialis</a>|<a href="">cialis tablet</a>|<a href="">low price cialis</a>|<a href="">cialis generic cialis</a>|<a href="">cialis cost</a>|<a href="">cialis online pharmacy</a>|<a href="">cialis best buy</a>|<a href="">drug cialis</a>|<a href="">buying cialis online</a>|<a href="">low cost cialis</a>|<a href="">cialis pharmacy</a>|<a href="">generic cialis online</a>|<a href="">cialis prescription online</a>|<a href="">buy low price cialis</a>|<a href="">buy generic cialis</a></div>

    Where did all that spam come from? How did it get in index.php?

    Using WP 2.0.5 (upgrading now, to 2.1)

Viewing 5 replies - 1 through 5 (of 5 total)
  • Are the permissions on index.php set to world writable?


    I have WP 2.2.3 and I got the same problem with a client of mine. Everyday there is a bunch of cialis/ viagra links added to my index.php files … and not just index.php files of wordpress … any index.html files throughout the directory structure.

    The permissions on index.php are: -rw-rw-r–

    What is the correct permission level?

    What should I do?


    Change the site password(s).

    Monitor the logs.

    Consider contacting the host if you can’t figure out how folks are getting in and ask for help.

    I already did all that, still got hacked. I have a feeling they are running some script via a wordpress plugin or something.

    Yesterday I changed some index.html files to 444, and they could not add the viagra/cialis related links on those files.

    >Change the site password(s).

    Use special characters, Greek ones and lowercase & upper case characters to make up a password for WordPress, control panel of your web hosting and MySQL database. Some web hosting companies won’t let you use Greek characters, and others do.

    You may want to remove suspicious plug-ins. I don’t know where your website is located. So that’s all I can say for now.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘index.php hacked : all sorts of viagra/cialis links’ is closed to new replies.