WP Hacked- Need help

ggekko
(@ggekko)

14 years, 6 months ago

My wordpress installation have been hacked.

Someone have inserted spam links before the <head> tag. The links does not show up in the source code of the pages. Only in the google cache and in the source code of the google cache. Can anyone point me in the right direction on where to remove these links.

I Know i really should have updated tha installation a long time ago and will be doing so today. I do however still need to find and fix this problem.

Viewing 5 replies - 1 through 5 (of 5 total)

alism
(@alism)

14 years, 6 months ago

Couple of links to get you started then…
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

Plenty of information on these forums though, so search away and you’ll find most answers you’ll need quite quickly.

Thread Starter ggekko
(@ggekko)

14 years, 6 months ago

Thanks. I have searched these forums a lot. I also read the smackdown page put nothing I can find seems to apply to this situation, especially since the links are only visable in google and not in the source code of the pages themselves. It is almost as if it would allready have been cleaned up but I havent done that soo…

iridiax
(@iridiax)

14 years, 6 months ago

the links are only visable in google and not in the source code of the pages themselves.

There are tricky hacks that only show for Google or other search engines and hacks that only show depending on the referrer. Be sure to check your .htaccess (if you have one).
Thread Starter ggekko
(@ggekko)

14 years, 6 months ago
yes it seems to be an hack that use cloaking to only show in google.

I have checked my htaccess file but can not see anything wrong in it. CAn you.
```
# BEGIN WPSuperCache
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /news/
AddDefaultCharset UTF-8
RewriteCond %{REQUEST_METHOD} !=POST
RewriteCond %{QUERY_STRING} !.*=.*
RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress|wp-postpass_).*$
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteCond %{DOCUMENT_ROOT}/news/wp-content/cache/supercache/%{HTTP_HOST}/news/$1/index.html.gz -f
RewriteRule ^(.*) /news/wp-content/cache/supercache/%{HTTP_HOST}/news/$1/index.html.gz [L]

RewriteCond %{REQUEST_METHOD} !=POST
RewriteCond %{QUERY_STRING} !.*=.*
RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress|wp-postpass_).*$
RewriteCond %{DOCUMENT_ROOT}/news/wp-content/cache/supercache/%{HTTP_HOST}/news/$1/index.html -f
RewriteRule ^(.*) /news/wp-content/cache/supercache/%{HTTP_HOST}/news/$1/index.html [L]
</IfModule>
# END WPSuperCache
<IfModule mod_rewrite.c>
# BEGIN WordPress
RewriteEngine On
RewriteBase /news/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /news/index.php [L]
# END WordPress
</IfModule>
```
alism
(@alism)

14 years, 6 months ago

Have you actually done any of the steps in the Smackdown link..?

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘WP Hacked- Need help’ is closed to new replies.

WP Hacked- Need help

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics