Multisite hacked, but partialy works (5 posts)

  1. Sal3tra
    Posted 2 years ago #


    my site has been probably hacked. I was running WordPress multisite using not newest version of WP.

    Now one of sites have strange home page: http://promusica.edu.pl/ (everywhere, even on http://promusica.edu.pl/wp-admin). I tried to find in files text like "Password:", <pre, and some other to remove this deface. Also I looked in index.php and .htaccess and there is nothing unfamiliar.

    What is strange, other site running on the same instance of Wp - http://proregione.org/ is working fine.

    Any ideas how can I fix home page of http://promusica.edu.pl/ ?

  2. esmi
    Forum Moderator
    Posted 2 years ago #

  3. Sal3tra
    Posted 2 years ago #

    I see, thanks. Is this case so curious that nobody knows where such malicious code like that could been added?

  4. esmi
    Forum Moderator
    Posted 2 years ago #

    No. Nor does it really matter. The only thing that does matter is that the site is thoroughly de-loused after a hack.

  5. Sal3tra - Anyone with sufficient skills in command line can figure out where the code was added.

    But generally it doesn't actually matter. I talk about how one does it here: http://halfelf.org/2013/evaluating-evil/

    And I do things like that regularly, but 99% of the time, I just clean it up. Hacks come from vulnerabilities. Vulnerabilities come from old/out of date/improperly coded plugins and themes most of the time (SOMEtimes yes, WP, but rarely). Keep your installs up to date, the plugins and themes especially. Delete anything you're not using or don't need.

Topic Closed

This topic has been closed to new replies.

About this Topic