Support » Fixing WordPress » WP Hacked- Need help

  • My wordpress installation have been hacked.

    Someone have inserted spam links before the <head> tag. The links does not show up in the source code of the pages. Only in the google cache and in the source code of the google cache. Can anyone point me in the right direction on where to remove these links.

    I Know i really should have updated tha installation a long time ago and will be doing so today. I do however still need to find and fix this problem.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Couple of links to get you started then…
    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

    Plenty of information on these forums though, so search away and you’ll find most answers you’ll need quite quickly.

    Thanks. I have searched these forums a lot. I also read the smackdown page put nothing I can find seems to apply to this situation, especially since the links are only visable in google and not in the source code of the pages themselves. It is almost as if it would allready have been cleaned up but I havent done that soo…

    the links are only visable in google and not in the source code of the pages themselves.

    There are tricky hacks that only show for Google or other search engines and hacks that only show depending on the referrer. Be sure to check your .htaccess (if you have one).

    yes it seems to be an hack that use cloaking to only show in google.

    I have checked my htaccess file but can not see anything wrong in it. CAn you.

    # BEGIN WPSuperCache
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /news/
    AddDefaultCharset UTF-8
    RewriteCond %{REQUEST_METHOD} !=POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress|wp-postpass_).*$
    RewriteCond %{HTTP:Accept-Encoding} gzip
    RewriteCond %{DOCUMENT_ROOT}/news/wp-content/cache/supercache/%{HTTP_HOST}/news/$1/index.html.gz -f
    RewriteRule ^(.*) /news/wp-content/cache/supercache/%{HTTP_HOST}/news/$1/index.html.gz [L]
    
    RewriteCond %{REQUEST_METHOD} !=POST
    RewriteCond %{QUERY_STRING} !.*=.*
    RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress|wp-postpass_).*$
    RewriteCond %{DOCUMENT_ROOT}/news/wp-content/cache/supercache/%{HTTP_HOST}/news/$1/index.html -f
    RewriteRule ^(.*) /news/wp-content/cache/supercache/%{HTTP_HOST}/news/$1/index.html [L]
    </IfModule>
    # END WPSuperCache
    <IfModule mod_rewrite.c>
    # BEGIN WordPress
    RewriteEngine On
    RewriteBase /news/
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /news/index.php [L]
    # END WordPress
    </IfModule>

    Have you actually done any of the steps in the Smackdown link..?

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘WP Hacked- Need help’ is closed to new replies.