SQL Injection

  • Resolved spook65

    (@spook65)


    9 years, 6 months ago

    Hi. I found an hack in my SQL database that will return on the top left corner of my website (only Firefox and Explorer) some links related to online gambling websites.

    I’ve found the corrupted line and deleted it, changed the password to my WP admin panel and the hack is gone.

    But the day after the hack is back there. What should I do to fix it?

    Thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • screenbeetle

    (@screenbeetle)

    9 years, 6 months ago

    Here is a very good article to start with:
    http://codex.wordpress.org/Hardening_WordPress

    I’m not really sure from your explanation if you are talking about an sql injection attack or something else. Some simple things to check and do though are:

    – Ensure your WP version is up to date
    – Ensure all plugins are up to date
    – Change your hosting FTP and Control panel passwords
    – Check the file permissions are correct (broadly 644 for files and 755 for directories – nothing should be 777 apart from maybe uploads)
    – Contact your host to ask if there are any security issues on their side of things

    Just a start

    Thread Starter spook65

    (@spook65)

    9 years, 6 months ago

    Hi. I found the problem. The hackers included an hidden file, not visible via FTP but only when downloaded on desktop PC, called social.png in each theme root directory. It looks like an image but it is a coded file. I’ve deleted that and uploaded a fresh version of my theme. I hope this will help for anyone will face the same problem in the future.

    Ciao

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘SQL Injection’ is closed to new replies.