Daniel Cid
Forum Replies Created
-
We also posted more details here:
http://blog.sucuri.net/2011/08/mass-infection-of-wordpress-sites-counter-wordpress-com.html
Hope it helps people to understand what is going on. Also, if you cleaned the .js file and is still seeing a warning, try o clear your browser cache.
thanks,
Forum: Fixing WordPress
In reply to: wordpress exploit, site hacked [newportalse.com]jeaniusog, speedrider: The sitecheck (from sucuri) won’t be able to scan inside your wp-admin (after you login), since it doesn’t have your credentials to there. It is a free scanner that will only check the external pages.
It seems that you might have additional malware on other javascript files that are only included inside the admin interface, so try checking that or doing a clean update of WordPress overwriting all the core files.
*you could use firefox with noscript to bypass the redirection too and force an update from wp-admin.
**Also try clearing your browser cache. Sometimes the .js files get cached longer…thanks,
Forum: Plugins
In reply to: Malware in W3 Total Cache?Hey, I replied in another thread to you, but your site is compromised with malware (on one of the .js files). Details here:
http://sitecheck.sucuri.net/scanner/?scan=girlgonegeekblog.com
It seems to be related to the timthumb.php infections we are seeing lately. So it might be something you want to check in your theme (or plugins).
thanks,
Forum: Fixing WordPress
In reply to: Strange Malware warning coming up on my site, please help!Your site is compromised with malware (one of the .js files). Details here:
http://sitecheck.sucuri.net/scanner/?scan=girlgonegeekblog.com
It seems to be related to the timthumb.php infections we are seeing lately. So it might be something you want to check in your theme (or plugins).
thanks,
Forum: Fixing WordPress
In reply to: wordpress exploit, site hacked [newportalse.com]Yes, this one is happening through the timthumb.php vulnerability. We posted some details here too:
http://blog.sucuri.net/2011/08/attacks-against-timthumb-php-in-the-wild-list-of-themes-and-plugins-being-scanned.html
http://blog.sucuri.net/2011/08/wordpress-sites-hacked-with-superpuperdomain2-com.htmlthanks,
Forum: Fixing WordPress
In reply to: Quick help for login neededIf you are not sure, upload all WordPress core files back to your site. That will guarantee that they are clean.
Also, rename (or delete) your plugins directory and start clean there download everything from scratch.
After that, check your wp-config.php to see if it hasn’t been modified and your themes files too (if you have a clean copy of them, put them back).
That should cover almost everything. *If you can’t login to wp-admin, try recovering the password or updating it directly via the database.
You can also run a quick (and free) malware scan here to see if it catches anything:
thanks,
Forum: Fixing WordPress
In reply to: Strange auto-re-directingThis uplifesearch redirection is related to the “superpuperdomain” attack that has been happening against sites using the vulnerable timthumb:
Forum: Requests and Feedback
In reply to: TimThumb Hack (was WordPress 3.2.1 vanilla is FAR from secure…)Where are you hosting your site? What themes do you have installed? That can make a big difference.
*If WP 3.2.1 itself was vulnerable, you would see a lot more hacked sites.
thanks,
Forum: Fixing WordPress
In reply to: HTML/IframeRef.X in WordPress CodeYes, the site is indeed hacked:
http://sitecheck.sucuri.net/scanner/?scan=http://postaljournal.org/
You have a malicious iframe (rqsyabp.co.tv) added in your index.php (via an eval call). You have to remove that bad from the index.php, and do a full sweep of your site for backdoors, rogue admin users, and things like that.
thanks.
Forum: Fixing WordPress
In reply to: Spam on my siteYour WordPress is outdated. Update it first, before you do anything else…
Forum: Fixing WordPress
In reply to: Hijacked / Redirected WP SiteThis is the problem you have:
Related to feedcat.net that got sold…
Did you save any of those files (or the malicious code)? If you did, can you email to me for analysis (my email = username).
thanks,
Forum: Fixing WordPress
In reply to: sh: /usr/local/bin/pythonLook at your index.php. Your site is probably hacked (seeing some hacked sites trying to contact an external host that is causing this error).
Forum: Fixing WordPress
In reply to: Spam content and links got inserted into my blog postsBtw, posted some a clean up script to go through all posts and remove the spam links:
http://blog.sucuri.net/2011/03/solution-for-the-link-injection-spam-from-basicpills.html
http://tools.sucuri.net/malware/helpers/spam-postremoval.txtJust rename to PHP, upload to your site and execute it from your browser.
thanks,
Forum: Fixing WordPress
In reply to: Website hackedBtw, if anyone need a simple script to remove the spam from all the posts, we posted it in here:
http://blog.sucuri.net/2011/03/solution-for-the-link-injection-spam-from-basicpills.html
http://tools.sucuri.net/malware/helpers/spam-postremoval.txtJust rename to PHP, upload to your site and execute it from your browser.
thanks,