UseShots
Forum Replies Created
-
Forum: Everything else WordPress
In reply to: My site’s .htaccess file hacked, how?Very strange. Contact your hosting provider. Let them check FTP logs.
You can try to set .htaccess permissions to 444. You can restore write permissions when you really need to modify it.
Forum: Everything else WordPress
In reply to: Am I hacked or what?I don’t see the full code snippet so I can only guess.
That looks like an attempt to insert something just before the closing /html tag. Very popular technique to insert malicious scripts and hidden iframes.
Ant this can be a “dry run”. Automated program from a zombi computer tries to insert this code into every WordPress blog (or PHP site) and another automated program checks which sites are really vulnerable (they would contain that “update number”) so that it can inject something more meaningful (and dangerous).
Forum: Fixing WordPress
In reply to: WordPress HackedExploiting WordPress vulnerabilities is not the only way to hack a site.
Make sure your FTP passwords have not been compromised. Change them ASAP and try not to store them unprotected. Some trojans steal passwords from FTP programs’ settings.Not sure it’s your case, but changing passwords after a hack is always a good idea.
Forum: Fixing WordPress
In reply to: How to chmod the .htaccess file to 666? (to use permalinks)What programs do you use?
If you have SSH access the command is:
chmod 666 .htaccessIf you use FTP, the instructions will depend on your FTP client.
For example, in FileZilla, you need to right click the file and choose “File Attributes..” and then mark all check boxes or enter “666” in the “Numeric value” edit box.ATTENTION: Make sure to revert file permissions back to 644 when your permalink structure is set up. 666 .htaccess file can be easily abused.
Forum: Fixing WordPress
In reply to: Apparently, I have malwareLooks like it’s clean right now.
Make sure to read http://codex.wordpress.org/Hardening_WordPress
Forum: Fixing WordPress
In reply to: Check number of RSS subscribers?FeedBurner has very good statistics facilities. And they have a plugin to redirect your default wordpress feed.
Forum: Fixing WordPress
In reply to: How to find .htaccess file in Word Press Admin areaI don’t remember there was a way to edit .htaccess directly from WP admin.
You should use your FTP-client to download/modify/upload the file. Or SSH.
This file is hidden so make sure your FTP client views hidden files.Here is the “Apache Tutorial: .htaccess files”
http://httpd.apache.org/docs/trunk/howto/htaccess.htmlForum: Fixing WordPress
In reply to: How to find .htaccess file in Word Press Admin areaI don’t remember there was a way to edit .htaccess directly from WP admin.
You should use your FTP-client to download/modify/upload the file. Or SSH.
This file is hidden so make sure your FTP client views hidden files.Here is the “Apache Tutorial: .htaccess files”
http://httpd.apache.org/docs/trunk/howto/htaccess.htmlForum: Alpha/Beta/RC
In reply to: Bug: WP 2.7 RC2. XMLRPC – getCategoriesChecked with another XMLRPC client and it worked. Must be a bug in the client.
My appologies for the false alert. I should have tested the issue more thoroughly.
Thanks
Forum: Alpha/Beta/RC
In reply to: Bug: WP 2.7 RC2. XMLRPC – getCategoriesThe same in the final release 2.7
Forum: Fixing WordPress
In reply to: WordPress Hacked with hidden spam codeIllicit code is usually encrypted. Check the your theme files or wp-blog-header.php for strings like “base64_decode”, “gzinflate”.
Could you post the link?
Forum: Alpha/Beta/RC
In reply to: 2.7 RC1 Crashes FirefoxFirefox sometimes crashes when I save/update posts in WP 2.7 RC1. Something like every 3rd or 4th save.
I suspect it has something to do with JS. When I restore the browsers session everything is back to norm (the post is saved).
Win XP, Firefox 2.0.0.18
Forum: Fixing WordPress
In reply to: Redirect LoopHi,
I can see that you blog is infected with the “sattan .org” redirect hack.
http://www.unmaskparasites.com/security-report/?page=faithinchandler.com/blog/You can read more about it here:
http://wordpress.org/support/topic/220840Forum: Fixing WordPress
In reply to: WordPress Hacked15 sites! wow! Could you share the datailed clean up instructions, including fake file names, wordpress username, database tables, etc?
Forum: Everything else WordPress
In reply to: My site’s .htaccess file hacked, how?Well, but how one would upload the the PHP shell script? I’ve seen this exploit on pure html no-db sites.