• I’ve installed WordPress many times for quite awhile and have never run into an issue like this:

    I recently installed 3.1 on shared hosting account for a client. I created a custom theme for the client and got the blog working great.

    After receiving a complaint from the client that the blog wasn’t looking right, I noticed that all my stylesheets were redirecting to a site called classwoods.ru. It looked like some sort of code injection or some other compromise to the site.

    I completely reinstalled WordPress again and am having the same problem. It’s not only the stylesheets, but also when I login to the backend – it forces a download from this classwoods.ru site which is just a blank index.php page. Very odd.

    I’ve searched my site for any injected code and I can’t find anything anywhere! Any help would be appreciated. Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • Just some ideas…
    Since you reinstalled WordPress, I presume the core files are fine. That leaves me with these 2 questions:

    * have you double-checked the template files?
    * have you’ve looked through the database tables to make sure they’re okay?

    Is he (are you?) using any plugins?

    +1 on the above mentioned suggestions

    Sounds like a hack. Unfortunately this is not isolated to database / WP core files, and can also affect plugin and theme files.

    Do you have a backup of your theme from a while back? If so, try reinstalling that too. Disable all plugins and see if this gets rid of the script that is causing the redirect, then re-activate one-by-one, testing the site with each activation. As soon as you activate a plugin that causes the issue, that’s probably the cause, though it could be more than one.

    Another thing to try is doing a search for “base64” in the wordpress files (including theme and plugin files). This is often in the header of some of the files and should be removed.

    Oh, and back up everything before you do any of this. Just in case, like.

    Moderator James Huff

    (@macmanx)

    Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    Also, if you do sort this, change the db password (and obviously update your wp-config.php file accordingly) and get your client to change all hosting and FTP passwords too, for good measure.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Strange Problem’ is closed to new replies.