1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

all wp sites got hacked

Discussion in 'Black Hat SEO' started by tedchang8592, May 22, 2012.

  1. tedchang8592

    tedchang8592 Regular Member

    Joined:
    Sep 9, 2010
    Messages:
    266
    Likes Received:
    63
    how to recovery quickly?
     
  2. jollymonsa

    jollymonsa Junior Member

    Joined:
    Jul 12, 2011
    Messages:
    105
    Likes Received:
    17
    Occupation:
    Programmer and Developer
    Location:
    Austin Texas
    your mx is likely in the red with some spam detection and filtering services, but just disable or delete that file. Doesn't sound like a full outright hack. They usually put a statement on your site for that.
     
  3. Grinch

    Grinch Regular Member

    Joined:
    Jan 26, 2012
    Messages:
    272
    Likes Received:
    204
    Gender:
    Male
    Occupation:
    Student & Internet Marketer
    Location:
    New York ツ
    Did you have any sketchy plug-ins? Sometimes hackers will take an old plug-in, fix it up and add there hacks.

    If so contact Wordpress support team and telling them what happened and what plug-in you think it might be.
     
    Last edited: May 22, 2012
  4. BlackhatBigfoot

    BlackhatBigfoot Regular Member

    Joined:
    Mar 27, 2011
    Messages:
    242
    Likes Received:
    168
    Occupation:
    Forest worker
    Location:
    Hot a$$ Phoenix
    It might help to list your plugins. I know one that I will never use again ...WP cumulus. Don't know if it's against the rules to post names of plugins I've had a bad experience with but sure I'll find out.
     
    Last edited: May 22, 2012
  5. tedchang8592

    tedchang8592 Regular Member

    Joined:
    Sep 9, 2010
    Messages:
    266
    Likes Received:
    63
    i also noticed that recent updated date of some directories are today, and some extra files created, like "plupload.js" "plupload.html4.js"

    the code of plupload.html4.js below:

    some display:none here
     
  6. jollymonsa

    jollymonsa Junior Member

    Joined:
    Jul 12, 2011
    Messages:
    105
    Likes Received:
    17
    Occupation:
    Programmer and Developer
    Location:
    Austin Texas
    Disable your plugins 1 by 1, or call your host and ask when they did the last backup.
     
  7. Grinch

    Grinch Regular Member

    Joined:
    Jan 26, 2012
    Messages:
    272
    Likes Received:
    204
    Gender:
    Male
    Occupation:
    Student & Internet Marketer
    Location:
    New York ツ
    Well its clearly a first child Javascript code.

    Paste that code into notepad then get a list of all your plug-ins. In notepad do Ctrl + f and search each plug-in one by one and try to find a connection.

    EDIT : Oh and Plupload is a mass uploader (maybe the spam email accounts?)

    www.plupload.com
     
    Last edited: May 22, 2012
  8. caitlin

    caitlin Junior Member

    Joined:
    Feb 16, 2010
    Messages:
    168
    Likes Received:
    72
    I was thinking it was the 2 smileys in that script that could be causing the problems. :)
     
  9. commenting shop

    commenting shop BANNED BANNED

    Joined:
    Apr 28, 2012
    Messages:
    1,145
    Likes Received:
    273
    In my WP also have same errors ...

    what can i do..??
     
  10. WCO12

    WCO12 Junior Member

    Joined:
    Feb 1, 2012
    Messages:
    170
    Likes Received:
    91
    Occupation:
    Empire building
    Location:
    Columbus, OH, USA
    Check your own PC for any malware, then change all of your login credentials, including (especially) FTP. If you do use FTP to upload files, you should probably find a better way. Look at all of your site files that were created or updated on the same day as those .js files appeared. They probably have some bit of code added to them. Download, edit, and reupload all of the affected files (delete the ones that shouldn't be there, obviously).

    Be ridiculously thorough, because the vast majority of hacks leave a backdoor, so they will get you again if you miss something. If you have a full DB backup, it's probably faster to just restore a clean one and then secure the cleaned site than it is to hunt everything down.

    For WordPress, get a good security plugin. I use Better WP Security. Lock everything down tight. Have file editing permissions set appropriately.
     
    • Thanks Thanks x 1
  11. lanbo

    lanbo Jr. VIP Jr. VIP Premium Member

    Joined:
    Aug 23, 2009
    Messages:
    3,435
    Likes Received:
    595
    Home Page:
    inspect all scripts you upload to your server!
     
  12. crosnake

    crosnake Junior Member

    Joined:
    Feb 7, 2010
    Messages:
    177
    Likes Received:
    73
    I wouldn't search for this hack, because It may be on many places and after all you want clean site. What I do here is installing fresh new wordpress, uploading files from last one(Usually just images, because they are 100% clean). After that conect config file with existing mysql database or making new one by uploading sql file from hacked wordpress.

    I'm not sure this could be just plugins, you could have hacked themes. Usually it's free ones or maybe if you downloaded theme from warez sites.

    Hope it helps.
     
  13. artificial_genius

    artificial_genius Jr. VIP Jr. VIP

    Joined:
    Sep 27, 2011
    Messages:
    863
    Likes Received:
    314
    Home Page:
    As others have said, it is very likely an insecure plugin. I would make sure all of your plugins are up to date and search each one online to see if they have been reported as having any security vulnerabilities.
     
  14. AlexMit

    AlexMit Junior Member

    Joined:
    Jun 20, 2011
    Messages:
    122
    Likes Received:
    53
    Occupation:
    Mashups Building
    Location:
    You won't believe
    Home Page:
    There might be no problem at all with your sites.
    But someone, who is hosted on the same host - could be hacked.

    If hacker gains shell access to host - he can exploit not only sites of one user, but all files on current server.
     
  15. Xpired

    Xpired Junior Member

    Joined:
    Jul 19, 2010
    Messages:
    196
    Likes Received:
    50
    Occupation:
    Free
    Location:
    BHW
    PM me your site adress..if your problem same like me,i can help...before this 3 my site got hacked(same hosting)