Support » Fixing WordPress » site hacked –

  • Resolved Boris



    I have a site and it got hacked a few days ago. I tried to delete all files and upload them again, but the virus warning appeared again a short while later.

    What happened was that on many pages there was suddenly an iframe from

    My anti virus programme shows me this warning:

    I googled that website and now there are already around 1000 hits. When my site got hit it was only a handful, so maybe that thing is spreading 🙂

    Does anyone have any suggestions on what else I could do to get rid of this short of completely demolishing everything?

    When I set the site up I had changed the database prefix, changed the admin login, hid the wp version number, but it still happened. I’m running WP 2.8, and the usual array of plugins, like bad behaviour, nextgen gallery, wordtube, all in one seo and a few others, all of them up to date or at least they were. I’m in India at the moment and I can’t really access the site anymore. As soon as I do my internet connection slows down to a crawl and after a while my laptop surrenders…

    Any help would really be appreciated.


Viewing 13 replies - 1 through 13 (of 13 total)
  • do you use a host service? Look at what happened to mine today:, it has a big black owned hack page on it and my self host service is sorting it out, this is a big problem with blogs, it open source and anyone can screw it


    I’m running WP 2.8

    and where did you get that? since the latest version of wordpress is 2.7.1


    Open source has nothing to do with secure software. Anyone who suggests it does has no clue what they are talking about. Security through obscurity is not an approved method and should never be relied upon. Look at Windows and Internet Explorer, they are closed source and are the most hacked pieces of software around.

    You should leave your host for ignorance alone.

    Thread Starter Boris


    whooami, it’s called SVN 🙂

    we’re still being haunted by that bloody iframe, but apparently the people behind it somehow got our ftp credentials (our hosting service told us that the files were uploaded via ftp), so we changed those. Today I had a look and it’s come again…

    Then host is not storing your account information securely, or someone else with FTP details yourself or another admin has been infected and is unknowningly supplying details to these individuals.

    If you’re the only one with access to the details, it’s either you or the host.

    If you’re confident it’s not you, then get a decent host who can secure you account and/or FTP details properly.

    @travel-junkie: What FTP client do you use? Do you store your FTP passwords inside it? Some spyware programs can steal passwords from program settings.

    Thread Starter Boris


    I use filezilla and yes, i do store my details in there.

    My host is all-inkl and they are usually excellent.

    Hi,I have the same problem with my blog, the host might be the culprit?.
    As I have tried changing the administrator password, and FTP that can no longer be.

    Maybe this will help:

    Additionally, if you have register_globals enabled that may cause a hack. If you have too lenient of permissions that may cause a hack as well. Usually you will not need higher permissions than 755 on directories and 644 on files. -Just some more stuff to throw into the melee.

    Thread Starter Boris


    Turned out that after we had changed the ftp password one file didn’t get overwritten when we uploaded WP again, so changing the ftp password does help.

    the attack is same with me..
    that happened to my phpBB…

    target file (for phpBB):

    1. includes/session.php
    2. includes/acp/acp_main.php

    I still dont know how to secure my phpBB bcoz the version was old.
    Im lazy to download n reinstall that phpBB new version…

    For temporary, I just fix my phpBB by removing this code in those two files:

    echo “<iframe src=\”\” width=1 height=1 style=\”visibility:hidden;position:absolute\”></iframe>”;

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘site hacked –’ is closed to new replies.