WordPress.org

Forums

Viagra Hack On My Website (9 posts)

  1. MrBobBradley
    Member
    Posted 11 months ago #

    For my company site I have a link for Viagra that is located in the header area. However, when I look in the Header.php and other parts of the editor section in WP I can't find the hacked code. Any suggestions on how to delete this from the site?

    You can see the link at the top right of my company site at http://www.GasCanMusic.com

  2. James Huff
    Volunteer Moderator
    Posted 11 months ago #

    Remain calm and carefully follow this guide. When you're done, you may want to implement some (if not all) of the recommended security measures.

  3. Pyrate.Ned
    Member
    Posted 11 months ago #

    Do a search on your site for base base64_decode, if you find something like

    <?php $str = 'PGEgaH

    [code moderated - don't post hacking code in these forums]

    T4='; echo base64_decode($str); ?>

  4. @Pyrate.Ned: It's pretty meaningless to post the hacking code here. The link MacManX posted above http://codex.wordpress.org/FAQ_My_site_was_hacked is all @MrBobBradley needs.

  5. Pyrate.Ned
    Member
    Posted 11 months ago #

    Just trying to help and don't really see how posting the code which he may need to find and remove from his site to remove the hack is meaningless. It's all good like I said just trying to help.

  6. James Huff
    Volunteer Moderator
    Posted 11 months ago #

    Just trying to help and don't really see how posting the code which he may need to find and remove from his site to remove the hack is meaningless.

    I understand, and thanks for helping.

    Posting the code is mostly meaningless because the code itself can vary between site. It's just encoded text, so if the text or link is different, the code will be different. It would be like telling someone who wants to remove all the cars from their street to only look for blue Honda Civics. :)

    If you want to call attention to it, it's best to just mention the base64_decode($ bit, however some legitimate plugins and themes (though none allowed in the directories here) use base64 for various legitimate reasons, so we instead direct folks to the FAQ which offers much more detail.

  7. Pyrate.Ned
    Member
    Posted 11 months ago #

    I would have to disagree with you as I copied the link and text from this site and encoded it, meaning the encoded part would be the exact code on his site if it was the problem and would not vary in this case. Yes base64 does has some legitimate uses and I never said do a search and remove every base64_decode code on this site.

  8. James Huff
    Volunteer Moderator
    Posted 11 months ago #

    Ah, I didn't know you did that.

  9. Pyrate.Ned
    Member
    Posted 11 months ago #

    Like I said its all good everyone is just trying to help. Hopefully he can find it and remove it.

Reply

You must log in to post.

About this Topic