UseShots
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: Cleaning hacked Blog is beyond meDo you have a file called .htaccess in the blog root directory (not wp-admin/)? This file is “hidden” so be sure to configure your FTP program to view hidden files.
If you have this file, post its content here and we’ll try to figure out what’s wrong with it.
Forum: Fixing WordPress
In reply to: Cleaning hacked Blog is beyond meHi,
Links that use meaningful words instead of “?p=123” are called “pretty permalinks”. Your blog does use them. I noticed you’d changed them. They now look like “fontanablog/archives/549”. This sort of permalinks require adding some .htaccess redirect rules. WordPress creates them for you when you change the permalink structure in the Admin Interface.
I’m not sure what the “External Permalinks” plugin does. Maybe it’s misconfigures, since individual posts are still inaccessible. I have the “Redirect Loop” error in my FireFox when I try to open them.
Forum: Fixing WordPress
In reply to: Cleaning hacked Blog is beyond meHi,
The hack seemed to only injected hidden spam links to your blog web pages.
Since you use the default theme and the upgrade overwrites core .php files, the hidden links seems to have been removed. I don’t see any hidden spam links. That’s good.You might want to give the WordPress Exploit Scanner plugin a try. It searches files and database of your website for signs of suspicious activity. It will show if your blog still contains some malicious code.
You can olso use my online service called Unmask Parasites ( http://www.unmaskparasites.com/ ) to check for hidden illicit content on your web pages.
I have found another problem with your site. Individual posts redirect to themselves and introduce infinite loop. Just try to click on any post link – it won’t show. Or see this report:
http://www.UnmaskParasites.com/security-report/?page=fontanafirm.com/fontanablog/2009/02/18/where-are-my-courses/ – endless 302 redirects.Looks like a problem with .htaccess file. Try to change the permalink structure and then revert it back to the one you prefer. Hope this will rewrite the .htaccess file with correct redirect rules.
Forum: Fixing WordPress
In reply to: ISP moved to new server – can’t login as admin>Why is it trying to find a .htacess in wp-content/backup?
Probably, it’s one of your plugins.
>They migrated my SSH access, but the command set available on this new server is quite limited – no ‘find’, ‘chmod’, etc. Just vi, ls, and a few others.
Strange. Probably your shell is not properly configured. Contact you hosting provider.
Forum: Fixing WordPress
In reply to: WordPress hackedThe income .cn iframes are not even PHP-related. They are added at the bottom of files like index.html, index.php, etc.
The xtrarobotz/nipkelo/internetcountercheck hack is more sophisticated – it injects PHP-code. I didn’t investigate it, but since they usually appear on the same sites as the income .cn iframes, I assume the same compromised passwords are used.
Forum: Fixing WordPress
In reply to: Infection on blog – <inframe> code width linksForum: Fixing WordPress
In reply to: WordPress hackedHi,
This is not a WordPress exploit. Most likely FTP password is compromised.
I’ve just covered this particular exploit in my blog.
http://blog.unmaskparasites.com/2009/04/15/malicious-income-iframes-from-cn-domains/- Scan local computers for viruses and spyware
- Change FTP passwords
- Upload clean content from a backup
Forum: Everything else WordPress
In reply to: for what is xmlrpc.php used in wp ?XML-RPC Support in WordPress: http://codex.wordpress.org/XML-RPC_Support
Forum: Fixing WordPress
In reply to: RSS Feed ErrorHi,
This is a prevalent hack for the last couple of weeks. I’ve just blogged about it. (I’m posting the link in hope it will help resolve the issue)
http://blog.unmaskparasites.com/2009/04/02/malicious-stats-from-84-244-138-0/I have a strong feeling this hack has to do with compromised passwords.
Scan your computer for spyware and then change all site passwords.Forum: Fixing WordPress
In reply to: site hacked – internetcountercheck.com/?click#95609@travel-junkie: What FTP client do you use? Do you store your FTP passwords inside it? Some spyware programs can steal passwords from program settings.
Forum: Fixing WordPress
In reply to: WordPress is adding unwanted links in page content?!You have an unclosed a tag that makes everything after it a link. So it’s not a WordPress issue. It’s your theme/design bug
<a href="http://harborage.prime-design.org"> <img src="/wp-content/themes/uiy/images/logo.png" alt="Harborage logo" title="Harborage" id="logo"/> </div>Forum: Fixing WordPress
In reply to: Google URL for my site isn’t directing to my siteYou should add the following rule to your .htaccess file
Redirect permanent /wordpress http://www.domainname.comForum: Everything else WordPress
In reply to: Google is not indexing my post correctly!!You might want to ask this question here:
http://www.google.com/support/forum/p/Webmasters?hl=enForum: Fixing WordPress
In reply to: Parse error: parse error, unexpected ‘?’It’s not an HTML issue. It’s a security issue.
This hidden litetopfindworld iframe is a malicious one
http://www.google.com/safebrowsing/diagnostic?site=litetopfindworld.cn@coachguerci: Your site has been hacked! You should remove this iframe and investigate how it got there.
Forum: Fixing WordPress
In reply to: My blog is hackedWhat version did you have before the upgrade?
Scan your server for any suspicious files. Check file permissions. Most files should be read-only.