Did you upload all new files? Or just some new files?
Did you change passwords for all of your non-subscriber users? That is, all of your users with better than read-only permissions.
Why? Fun and/or profit.
How? Hard to say without access to the server, which no one here has. Perhaps your host can help. If it is a flaw in your site it is usually either a bad passwords or a vulnerability in a plugin or theme. If you are on a shared server, a vulnerability in any of the sites, not just yours, can allow a hacker access to all or some of the other sites too.
as long as i know, there is a bug exploit within wp-config.php via sy*l*nk or ju*pl*nk.
i get this info from my friend about few hours ago. Try to protect your wp-config.php with .htaccess so your wp-config.php only accessible from your cpanel only.
What is the exploit and how is it prevented? Mentioning it in passing doesn’t really help anyone. If you are referring to what I think you are, that is really an Apache (mis)configuration problem, but something to be aware of nonetheless.
ye fresh files. anyway they put this iframe that link to a trojan that jump into ur tmp local folder.
Could perhaps be the result of an FTP leak. Have you changed all of your passwords – including FTP?
ye im doing it right now. thanks for the advice ill let you know if they do it again.
@blacklizt, I know how several different ways to deny access to wp-config. People posting here asking for help, probably don’t know. That is why they are asking. What you are saying is probably correct, but not very helpful and it is a ‘help’ forum. So, exactly what would you do to deny access to wp-config.php?
It would also help if you could explain the exploit because I only see one line that might be vulnerable and it would be very, very difficult to pull off.
@v00d0, you aren’t really giving enough information for anyone to help you. Please try to be more specific. For example, do you know what the trojan was? Can a scanner like Sucuri identify it? This should help: http://codex.wordpress.org/Hardening_WordPress
the tojan was identified by my ESET Antivirus. I can put here the iframe that link to the trojan but i don’t know if i can do it.
These are all the information i got:
– wordpress 3.4.1
– iframe inside root website files that link to a trojan
– if i reupload all the files they still can access my site
– i changed all the password.
this is the website:
Be sure to clear the Hyper Cache data.
I don’t know that posting the iframe would help. I am trying to find out the name of the trojan/exploit, if it has a name, in order to help identify how it got there.
What are the file permissions on your server?
the permissions are Ok folder 755 files 644
this was the ifrAME
iframe src=”http://starttraffik.**/” width=”2″ height=”3″ frameborder=”0″></iframe>
check the website at ur risk (is .net). the theme was developed for my website they never updated it.
this is the list of my plugins:
contact foorm 7
google xml sitemaps
my brand login
new admanplatinum seo packreally simple captcha
related post category widget
shadowbox js- use title from image
static random post widget
wordpress database backup
to prevent wp-config.php exploit via symlinks.
add code below within your .htaccess
deny from all
you can find many articles about symlinks on google. It’s old issue but still happen now.
actually wordpress codex already explain how to secure wp-config.php
http://codex.wordpress.org/Hardening_WordPress but not all wordpress users know about this.
How about your plugins? Are they all updated? Are any of them really old and haven’t been maintained?
I am assuming you are shared hosting? Is that correct?
- The topic ‘My wordpress website got hacked, multiple times.’ is closed to new replies.