Support » Fixing WordPress » Site hacked but couldn’t make any sense

  • [ Moved to Fixing WordPress ]

    Hi fellows, my client’s site was hacked few days ago
    I saw results on google and go wp-admin panel to see what’s wrong with his site but couldn’t find anything even not a single plugin than i checked his cpanel too what’s wrong with web?
    In hacking results, search engine was showing some creepy title, search engine screen shoot .

    In cpanel i found error log, which was showing something like this:

    [16-Mar-2017 01:20:47 UTC] PHP Warning:  file_get_contents(<strong>http://snacksshop.top/sunshine/0310jc1062/pages.php?/30961653w6t2_0559125361/td41wm00ta83di1.fires</strong>|mysite.com): failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Server Error
     in /home/user1111/public_html/mysite.com/index.php on line 36
    [26-Mar-2017 07:39:53 UTC] PHP Warning:  file_get_contents(http://snacksshop.top/sunshine/0310jc1062/pages.php?/30961655v2f6_58911737981/yv86qf31pt96kp1.fires|example.com): failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Server Error
     in /home/user11111111/public_html/example.com/index.php on line 36

    The web which is visible is linked to hacker’s sources. In google search results can be see japanese title and description, when i copy the same title and search with those titles there was lot of other site which was effect with hacking flow.
    Can any one explain how this can be possible to hack like this?
    My error log file is 28mb ^_^ but all lines are same.. is this was a major attack on wordpress sites?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Can you reproduce the issue if you run the site locally? You’d probably need to look for those same characters by checking the page source.

    If you can, I’d start by running a diff of your site’s current code against a latest ‘clean’ backup or against the clean WordPress codebase of the same version. If there’s nothing in WordPress core then you need to check the active theme and possibly even plugins. Easiest to narrow it down is just disable all plugins and check if issue persists, then switch to a clean version of some default theme like twentysixteen, then check again.

    You need to start working your way through the resources on this page. I’d also suggest reviewing http://ottopress.com/2009/hacked-wordpress-backdoors/

    Anything less will probably result in the hacker walking straight back into your site again.

    Additional Resources:
    Hardening WordPress
    http://sitecheck.sucuri.net/scanner/
    http://www.unmaskparasites.com/

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Site hacked but couldn’t make any sense’ is closed to new replies.