Title: smartobject2's Replies | WordPress.org

---

# smartobject2

  [  ](https://wordpress.org/support/users/smartobject2/)

 *   [Profile](https://wordpress.org/support/users/smartobject2/)
 *   [Topics Started](https://wordpress.org/support/users/smartobject2/topics/)
 *   [Replies Created](https://wordpress.org/support/users/smartobject2/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/smartobject2/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/smartobject2/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/smartobject2/engagements/)
 *   [Favorites](https://wordpress.org/support/users/smartobject2/favorites/)

 Search replies:

## Forum Replies Created

Viewing 15 replies - 1 through 15 (of 21 total)

1 [2](https://wordpress.org/support/users/smartobject2/replies/page/2/?output_format=md)
[→](https://wordpress.org/support/users/smartobject2/replies/page/2/?output_format=md)

 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Site hacked and redirecting](https://wordpress.org/support/topic/site-hacked-and-redirecting/)
 *  [smartobject2](https://wordpress.org/support/users/smartobject2/)
 * (@smartobject2)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/site-hacked-and-redirecting/#post-3950061)
 * I second Jan’s approach — unless you are just curious about the hack, it’s best
   to backup and re-install with the proper hardening.
 * It can be frustrating and futile to try and pin-down the exact back-door.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [hacked site, now randomness in various places](https://wordpress.org/support/topic/hacked-site-now-randomness-in-various-places/)
 *  [smartobject2](https://wordpress.org/support/users/smartobject2/)
 * (@smartobject2)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/hacked-site-now-randomness-in-various-places/#post-3324987)
 * I see other places have similar conditions when I search google on +ACYAIw-8217
   +ADs-s
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [My WordPress is hacked](https://wordpress.org/support/topic/my-wordpress-is-hacked-1/)
 *  [smartobject2](https://wordpress.org/support/users/smartobject2/)
 * (@smartobject2)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/my-wordpress-is-hacked-1/#post-2831063)
 * Oops – I see now you’ve been here since before I had even heard of WordPress –
   
   Cheers
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [My WordPress is hacked](https://wordpress.org/support/topic/my-wordpress-is-hacked-1/)
 *  [smartobject2](https://wordpress.org/support/users/smartobject2/)
 * (@smartobject2)
 * [13 years, 11 months ago](https://wordpress.org/support/topic/my-wordpress-is-hacked-1/#post-2831061)
 * Sure, but the password change is only one step. Now, back up the the files/directories.
   Then remove them-not wp-config.p- and re-install WordPress.
    Also search on harden
   WordPress here at the dot org site for some other steps / advice.
 * If the site has been hacked, then the hacker has a backdoor somewhere in your
   files / directories. Only a complete remove and re-install will get you started
   in the right direction (in my opinion).
 * Don’t forget the backup step and ask someone if you’re not sure.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Why Are wordpress teams not solving this ? Biggest WordPress Loop hole……….](https://wordpress.org/support/topic/biggest-wordpress-issue-and-security-hole-hackers-found/)
 *  [smartobject2](https://wordpress.org/support/users/smartobject2/)
 * (@smartobject2)
 * [14 years, 2 months ago](https://wordpress.org/support/topic/biggest-wordpress-issue-and-security-hole-hackers-found/#post-2616194)
 * Especially read and do the part that advises removal of _everything_ on your 
   site. You don’t have to physically delete it, just take an FTP application and“
   move” your site root files and dirs away to a new directory like “oldsiteJKL”
   
   Then apply the other security advice in the articles as you re-install WordPress
   and for the images you copy them back as needed.
 * If you dont remove everything, then you are just leaving the hacker’s back door
   untouched – that’s why it happens again.
 * But do delete the oldsite files once your up and running.
 * Cheers,
    let us know how it goes.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[wp Time Machine] [Plugin: wp Time Machine] Hit and miss performance with wpTimeMachine](https://wordpress.org/support/topic/plugin-wp-time-machine-hit-and-miss-performance-with-wptimemachine/)
 *  Thread Starter [smartobject2](https://wordpress.org/support/users/smartobject2/)
 * (@smartobject2)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/plugin-wp-time-machine-hit-and-miss-performance-with-wptimemachine/#post-2356239)
 * BTW – This has been running great – daily backups and I can see the new files
   appear each day on dropbox.
 * I am using the curl command on network solutions scheduled tasks:
    `curl "http://
   www.sheltonresearch.com/wp-content/plugins/wp-time-machine/cron.php?generate=
   1" >/dev/null`
 * The >/dev/null means I do _not_ get emails of normal output, but I should get
   an email if there is an error. Errors go to a different output channel on unix
   and pass through the scheduler as output to be emailed.
 *   Forum: [Hacks](https://wordpress.org/support/forum/plugins-and-hacks/hacks/)
   
   In reply to: [Hacked page and can't log in or request new password](https://wordpress.org/support/topic/hacked-page-and-cant-log-in-or-request-new-password/)
 *  [smartobject2](https://wordpress.org/support/users/smartobject2/)
 * (@smartobject2)
 * [14 years, 3 months ago](https://wordpress.org/support/topic/hacked-page-and-cant-log-in-or-request-new-password/#post-2552493)
 * BTW – You do have a lot of posts and comments I see on google cache – If you 
   want, I think I can recover most of it back and we can load it in your new database.
 * I left a comment on your new site with contact info, if needed.
    Cheers
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Blog repeatedly hacked by Prishtina Hackers Group](https://wordpress.org/support/topic/blog-repeatedly-hacked-by-prishtina-hackers-group/)
 *  [smartobject2](https://wordpress.org/support/users/smartobject2/)
 * (@smartobject2)
 * [14 years, 6 months ago](https://wordpress.org/support/topic/blog-repeatedly-hacked-by-prishtina-hackers-group/#post-2396820)
 * You should be suspicious of the restored database and use some SQL select statements
   from the phpMyAdmin screen that search the posts and comments tables for malware.
 * Sorry I dont see the specific entries here, but to show any suspect entries here
   are some sql commands (each is a individual command):
    select * from wp_posts
   where post_content like ‘%base64%’ select * from wp_posts where post_content 
   like ‘%eval%’ select * from wp_posts where post_content like ‘%strrev%’ select*
   from wp_comments where comment_content like ‘%base64%’ select * from wp_comments
   where comment_content like ‘%eval%’ select * from wp_comments where comment_content
   like ‘%strrev%’
 * A positive hit is not necessarily bad, but should be investigated.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Blog repeatedly hacked by Prishtina Hackers Group](https://wordpress.org/support/topic/blog-repeatedly-hacked-by-prishtina-hackers-group/)
 *  [smartobject2](https://wordpress.org/support/users/smartobject2/)
 * (@smartobject2)
 * [14 years, 6 months ago](https://wordpress.org/support/topic/blog-repeatedly-hacked-by-prishtina-hackers-group/#post-2396818)
 * Read through all FAQ’s etc. mentioned above. They will all support each other
   with the to-do items, File and Directory Permissions, Auth Keys, etc.
 * When you login with cPanel (or use a FTP application) change the permissions 
   on directories to 755 (numeric for Read/Write/Execute for You, execute for Group,
   execute for World).
    All Files should be 644 (RW, R, R) EXCEPT for wp-config 
   which will be 600. Exceptions may be the Uploads Directory.
 * I dont want to get too wordy — but another good point is to completely remove
   any themes or plugins that are not used.
 * I have seen log entries on my site where hackers are trying to access plugins
   that I don’t have — maybe they have a list of exploitable plugins.
 * But bottom line is – you can do it with the tools/techniques mentioned above.
 * Get a dropbox account and install a backup plugin to place your stuff there.
   
   Cheers, Keep in touch
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Blog repeatedly hacked by Prishtina Hackers Group](https://wordpress.org/support/topic/blog-repeatedly-hacked-by-prishtina-hackers-group/)
 *  [smartobject2](https://wordpress.org/support/users/smartobject2/)
 * (@smartobject2)
 * [14 years, 6 months ago](https://wordpress.org/support/topic/blog-repeatedly-hacked-by-prishtina-hackers-group/#post-2396792)
 * Adam – are you really on WP 2.92 ?
    [http://www.adamfaragalli.com/readme.html](http://www.adamfaragalli.com/readme.html)
 * Let me know how it goes.
    [support@sheltonresearch.com](https://wordpress.org/support/users/smartobject2/replies/support@sheltonresearch.com?output_format=md)
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[LeagueManager] [Plugin: LeagueManager] Plugin Future](https://wordpress.org/support/topic/plugin-leaguemanager-plugin-future/)
 *  [smartobject2](https://wordpress.org/support/users/smartobject2/)
 * (@smartobject2)
 * [14 years, 6 months ago](https://wordpress.org/support/topic/plugin-leaguemanager-plugin-future/page/2/#post-1835154)
 * @ stvitusdance I second the request for a peek at your improvements. I looked
   at both trappers.nl and violafans.net and both are great.
 * I am just now trying to bring up this plugin on my localhost / dev platform.
 * Thank you
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [WP Plugin Cron job settings](https://wordpress.org/support/topic/wp-plugin-cron-job-settings/)
 *  [smartobject2](https://wordpress.org/support/users/smartobject2/)
 * (@smartobject2)
 * [14 years, 7 months ago](https://wordpress.org/support/topic/wp-plugin-cron-job-settings/#post-1991684)
 * There should be a log file created in your wp-content directory — get a dir listing
   with an ftp client and view it.
 * Also if your backups are there (zip extension and sql extension) it means that
   the backup ran ok, but the files could not be uploaded to dropbox.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [the_title(); shows only first word in Title](https://wordpress.org/support/topic/the_title-shows-only-first-word-in-title/)
 *  [smartobject2](https://wordpress.org/support/users/smartobject2/)
 * (@smartobject2)
 * [14 years, 8 months ago](https://wordpress.org/support/topic/the_title-shows-only-first-word-in-title/#post-2301314)
 * I think you need double quotes around the data-text value?
    data-text=”<?php 
   the_title(); ?>”
 * Cheers,
    Lee
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [My wordpress got hacked via a plugin](https://wordpress.org/support/topic/my-wordpress-got-hacked-via-a-plugin/)
 *  [smartobject2](https://wordpress.org/support/users/smartobject2/)
 * (@smartobject2)
 * [14 years, 9 months ago](https://wordpress.org/support/topic/my-wordpress-got-hacked-via-a-plugin/#post-2202620)
 * If your friend cannot tell you which plugin, I would suspect the friend is simply
   stating a hypothetical premise.
 * I think esmi is telling you to be sure you have the most recent versions of the
   plugins and the plugins should come from WordPress.org
 * After that…
    If you cannot contact the friend for clarification, get a ftp copy
   of the plugins directory downloaded to your computer and do a text search for
   things like eval, base64 and the malefactor’s email address above.
 * Cheers,
    Lee
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [My WordPress site got hacked.](https://wordpress.org/support/topic/my-wordpress-site-got-hacked-1/)
 *  [smartobject2](https://wordpress.org/support/users/smartobject2/)
 * (@smartobject2)
 * [14 years, 10 months ago](https://wordpress.org/support/topic/my-wordpress-site-got-hacked-1/#post-2186208)
 * Sure you can use FileZilla or any FTP to pull the files onto your computer. The
   only change I made to the plugin was to add strrev and htmlspecial to the search
   terms. I don’t know why I put the html thing in there – may not be helpful.

Viewing 15 replies - 1 through 15 (of 21 total)

1 [2](https://wordpress.org/support/users/smartobject2/replies/page/2/?output_format=md)
[→](https://wordpress.org/support/users/smartobject2/replies/page/2/?output_format=md)