WordPress HTTPS (SSL)
[resolved] Two Strange Errors (35 posts)

  1. OceansDB
    Posted 5 years ago #

    Found it, my .htacces file had a few hidden lines that linked to http:*//distributioncorporate*.ru/kloac/index.php

    Delete your .htaccess file and make a new one.

    These hackers also place phony files in your wordpress installation. Check your uploads directory and theme files for sm3.php and other files you don't reconize.

  2. bloggersweekly
    Posted 5 years ago #

    Thank you all for all this information. I've been looking through all the posts here and every single one is helpful. I wanted to add the significance of changing passwords and a great plugin which will make it impossible for any further attacks. Here in part one, i mention it: http://bloggersweekly.com/2011/08/25/secure-steps-to-take-with-latest-wordpress-attacks-part-one/

  3. wolfsteritory
    Posted 5 years ago #

    guys be very careful when installing security plugins , one thing ive learned in my hacking days is that one of the most easy way to hack people stuff is by offering false security solutions ,
    because they are desperate & they do not pay to much attention

    one of my favorite method was to simply ask (or give them the option ) somebody so instal my hack or virus ( of course they didn't knew what it was )

    * second was to do something useful, offer it for free , & later using it as a hack or backdoor

  4. bloggersweekly
    Posted 5 years ago #

    Wolfsteritory, my Blog deals with Blog improvement and Blog design. Security is something I am starting to investigate and learning as I go. In my two post there, I wrote about my experience and all I did to eliminate the hack. I downloaded the plugin as I do with many, to test it out. It is very popular and it is up-to-date: http://wordpress.org/extend/plugins/bulletproof-security/

    I also communicated with the developers and they pointed out even more hacks with my Blog, a separate issue (Not Superpuperdomain) This was after I got rid of the Superpuperdomain hack and Sucuri.net approved my Blog. The two posts I wrote explains this:

    Part One: http://bloggersweekly.com/2011/08/25/secure-steps-to-take-with-latest-wordpress-attacks-part-one/

    Part Two: http://bloggersweekly.com/2011/08/28/editingdeleting-hacker-files-part-two/

    BulletProof Security developers pointed out to me and were specific, that their Plugin will stop any "further" hacking but if you install it while you already have been hacked then you still would have to fix the problem. This plugin stops any further hacking, so if I completely, 100% eliminated ALL the hacks, then I should not be hacked again.

    Then again, there is no 100% solution and everyone knows it. But by protecting the .htcacess file, wp-config.php, bb-config.php, php.ini, php5.ini, install.php and readme.html securely, as the Plugin developers claim, then I am ahead of the game. Only time will tell, if I do get infected again and it has nothing to do with the present hacking problem, then I will be the first to admit it has a flaw. But right now, I am "personally" satisfied with it.

    Wolfsteritory,let's get this straight please, I am not contradicting anything you are saying but further investigating with you. Can you do us all a favor and because you are more familiar with hacking. Can you do us a favor and take a look at this Plugin more carefully? Let us know what your opinion is and what flaws it has. Thank You!

  5. Mike
    Posted 4 years ago #

    I wrote a script that helps to remove that malicious code - perhaps you find it useful: http://wordpresskeeper.com/knowledgebase/remove-mwjs2368-malware-from-your-wordpress/

    It removes that one:
    var _0x4470=["\x39\x3D\x31\x2E\x64\x28\x27\x35\x27\x29\x3B\x62\x28

    but you can easily adapt it to remove that one:
    var _0x4de4=["\x64\x20\x35\x28\x29\x7B\x62\x20\x30\x3D\x32\x2E\x63

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • WordPress HTTPS (SSL)
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic