// email removed. I've offered to help this person before and never heard from ’em. No worries.
@whooami I would love your help, I will email you at the address you provided before, however I don’t have server logs going back more than 5 days and no clue how to access/read them.
email me here, I have some free time
help.me.with.wordpress@gmail.com
oh and seriously, even if you are on a mac, scan your own machine.
Email sent. I am on a mac, but not sure how/what to scan. I don’t have any software for scanning anything on my machine. What should I use to scan and what am I looking for?
Just by way of more info, here’s everything I’ve tried:
Deleted all files on my server and started with a fresh WP install.
Changed all my WP passwords
Changed all my server passwords
Always kept WP up-to-date
Have switched to other plugins and kept up-to-date on those
deleted all customizations and used standard templates
double checked all file and directory permissions
contacted my web host (dreamhost) for help (no help)
avast makes a mac edition, you can get it right off apple.com
The hacks are always in the plugins folder.
Have you considered the painfully obvious? That one of your plugins is evil?
Actually, I deleted all my plugins a while back out of desperation. The one that is getting hacked most often is Akismet because every time WP alerts me that there is a new version available and I update it downloads Akismet whether I want it or not. I don’t think that plugin is “evil” though, just the only one in there for them to hack.
The one that is getting hacked most often is Akismet because every time WP alerts me that there is a new version available and I update it downloads Akismet whether I want it or not.
I may be misunderstanding something here, but it sounded like you just said this: Every time I update Akismet, it downloads a new version of Akismet.
To which … uh, yeah? That’s what updates do.
How are you so certain the ‘hacks’ are in the plugins folder? And what are the folder permissions on that folder?
@ipstenu
No, you misunderstood what I was saying. I delete all plugins including Akismet but when a new update is available it re-installs Akismet. I suppose if I manually updated every time I could customize what files get updated and what files don’t.
As for why I know it’s the plugins folder, the hacked files are easy to spot and remove. They will, for example, create a new file in a plugins folder named the same as the plugin with .bak (i.e. plugin.php.bak) and other types of strangely named file additions.
When I delete those files the injected spam links disappear from my site.
I ensure that my plugins folder always has the correct file permissions but the hackers are able to reset the file permissions of the folder and sub folders to 777. This has happened on various WP blogs in multiple hosting accounts. The hackers also always create rogue WP users which I continually delete from my MySQL database.
Right now I’m in “wait and see” mode, by which I mean I’m waiting to see if I’ve finally expunged them completely from my site. Unfortunately it could be months and months before I know if my site is still open to the hackers.
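A read-only check for the two file-system symptoms described in the post above (stray files such as plugin.php.bak, and folders reset to 777), as an added example that is not part of the original thread. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_plugins(root):
    """Return sorted (relative_path, reason) findings under a plugins directory."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    findings = []
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits say nothing about its target
        rel = os.path.relpath(path, root)
        # Symptom 1: folder or file writable by every account on the host (e.g. 777).
        if st.st_mode & stat.S_IWOTH:
            findings.append((rel, "world-writable (mode %o)" % stat.S_IMODE(st.st_mode)))
        # Symptom 2: a regular file with something tacked on after ".php" (plugin.php.bak).
        if stat.S_ISREG(st.st_mode) and ".php." in os.path.basename(path).lower():
            findings.append((rel, "extra suffix after .php"))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample data: one clean plugin folder and one tampered one."""
    files = {
        os.path.join("hello", "hello.php"): 0o644,
        os.path.join("akismet", "akismet.php"): 0o644,
        os.path.join("akismet", "akismet.php.bak"): 0o644,  # the stray file
    }
    for rel, mode in files.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php // constructed placeholder\n")
        os.chmod(path, mode)
    os.chmod(base, 0o755)
    os.chmod(os.path.join(base, "hello"), 0o755)
    os.chmod(os.path.join(base, "akismet"), 0o777)  # the permission reset
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reason in audit_plugins(build_sample_tree(tmp)):
            print(f"{rel}: {reason}")
```

On a real site, pass the path of the wp-content/plugins folder to `audit_plugins`; it only reads file metadata and changes nothing.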