Support » Fixing WordPress » Russian invastion! My site got hacked

  • Hi there. I look after a site for a friend of mine and it seems to have been hacked.

    At the foot of the her pages there is a script under the end html tag. This script attempts, and often succeeds, to send the user off to a Russian website that attempts to load some kind of PDF. The URL ends in getfile.php?f=vispdf

    At first I thought maybe it was some dodgy plugin, she only has a few but she had a number inactive. So I went ahead and deleted all the inactive plugins then reinstalled all her other plugins, regardless of if they were actually showing as up-to-date.

    The code remained.

    I reinstalled wordpress.

    The code remained.

    At this point I called Midphase and spoke to someone who sounded like they hated life. They said because the wordpress install was not done through their control panel it was unsupported, goodbye.

    I deleted wordpress

    I deleted her database and mysql user.

    I reinstalled wordpress using their one touch control panel, then reinstalled the theme (Dilectio) then the three or 4 plugins, then I manually reposted the 4 posts she had written.

    Problem solved!

    Until today. The script is back, the site sometimes attempts to send you to Russia and I am completely confused.

    I have called Midphase again and this time I strongly suggested that while I am not Matt Mullenweg I think that maybe the problem is with their stuff and not mine. They said they would look at it, but I’m not sure I’m convinced they’ll be too hurried about it.

    Is anyone else experiencing malicious scripts being injected into their blogs? Is this a wordpress vulnerability or a Midphase vulnerability?

    It’s worth noting my manual install of wordpress was bang up to date. Their one tounch install is wordpress 2.6.1.

    (The site in question is Though please beware of whatever it’s trying to load if you’re using a PeeCee.)

Viewing 2 replies - 1 through 2 (of 2 total)
  • TodaysCreators


    I’ve experienced this problem also.
    (Note: I’m using a different server to Midphase – MDWebHosting in Australia)

    In my case the source appears to be (as indicated in the download approval dialogue box in Firefox)

    I’m also seeking a solution to this problem

    David Berghouse
    Author: Today’s Creators



    I had a similar problem with redirects by a malware. I called my webhosting provider and talked to a tech rep that told me this stuff is being passed along by search engines when a link is clicked. Check the last post in the link below. This describes the steps I took (at my webhost’s direction) and successfully removed the malware. P.S. Mine was the Russians also. I need to thank them for a couple of weeks of frustration. Good luck!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Russian invastion! My site got hacked’ is closed to new replies.