Discussion in 'Black Hat SEO' started by tedchang8592, May 22, 2012.
How to recover quickly?
Your MX is likely in the red with some spam detection and filtering services, but just disable or delete that file. Doesn't sound like a full outright hack. They usually put a statement on your site for that.
Did you have any sketchy plug-ins? Sometimes hackers will take an old plug-in, fix it up and add their hacks.
If so, contact the WordPress support team and tell them what happened and which plug-in you think it might be.
It might help to list your plugins. I know one that I will never use again... WP Cumulus. Don't know if it's against the rules to post names of plugins I've had a bad experience with, but I'm sure I'll find out.
I also noticed that the last-updated date of some directories is today, and some extra files were created, like "plupload.js" and "plupload.html4.js".
The code of plupload.html4.js is below:
some display:none here
Disable your plugins 1 by 1, or call your host and ask when they did the last backup.
Paste that code into notepad then get a list of all your plug-ins. In notepad do Ctrl + f and search each plug-in one by one and try to find a connection.
EDIT : Oh and Plupload is a mass uploader (maybe the spam email accounts?)
I was thinking it was the 2 smileys in that script that could be causing the problems.
My WP also has the same errors...
What can I do?
Check your own PC for any malware, then change all of your login credentials, including (especially) FTP. If you do use FTP to upload files, you should probably find a better way. Look at all of your site files that were created or updated on the same day as those .js files appeared. They probably have some bit of code added to them. Download, edit, and reupload all of the affected files (delete the ones that shouldn't be there, obviously).
Be ridiculously thorough, because the vast majority of hacks leave a backdoor, so they will get you again if you miss something. If you have a full DB backup, it's probably faster to just restore a clean one and then secure the cleaned site than it is to hunt everything down.
For WordPress, get a good security plugin. I use Better WP Security. Lock everything down tight. Have file editing permissions set appropriately.
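An added example, not part of any post in this thread: one way to do the "same day" check suggested above, listing every file under the site root whose modification date matches that of a file already known to be malicious. The marker list (taken from the "display:none" mentioned earlier in the thread) and the command-line usage are assumptions for illustration.

```python
"""Triage sketch: list files changed on the same day as a known-bad file."""
import os
import sys
from datetime import datetime

# Assumed marker list; the thread only mentions "display:none" in the dropped file.
MARKERS = (b"display:none",)
MAX_READ = 2_000_000  # bytes scanned per file, to keep the pass fast


def mtime_day(path):
    """Calendar day (local time) on which the file was last modified."""
    return datetime.fromtimestamp(os.stat(path).st_mtime).date()


def same_day_files(site_root, reference_file):
    """Return sorted [(relative_path, [markers found])] for every regular file
    under site_root modified on the same day as reference_file."""
    day = mtime_day(reference_file)
    hits = []
    for dirpath, _dirs, files in os.walk(site_root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                if os.path.islink(full) or mtime_day(full) != day:
                    continue
                with open(full, "rb") as fh:
                    data = fh.read(MAX_READ).lower()
            except OSError:
                continue  # unreadable file: skip here, review by hand
            found = [m.decode() for m in MARKERS if m in data]
            hits.append((os.path.relpath(full, site_root), found))
    return sorted(hits)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: triage.py SITE_ROOT KNOWN_BAD_FILE")
    for rel, found in same_day_files(sys.argv[1], sys.argv[2]):
        flag = "  <-- contains " + ", ".join(found) if found else ""
        print(rel + flag)
```

Modification times can be reset by whoever planted the files, so treat the output as a first pass and also compare the install against a clean copy of the same WordPress version.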
Inspect all scripts you upload to your server!
I wouldn't search for this hack, because it may be in many places and, after all, you want a clean site. What I do here is install a fresh new WordPress and upload files from the last one (usually just images, because they are 100% clean). After that, connect the config file with the existing MySQL database, or make a new one by uploading the SQL file from the hacked WordPress.
I'm not sure this could be just plugins; you could have hacked themes. Usually it's free ones, or maybe if you downloaded the theme from warez sites.
Hope it helps.
As others have said, it is very likely an insecure plugin. I would make sure all of your plugins are up to date and search each one online to see if they have been reported as having any security vulnerabilities.
There might be no problem at all with your sites.
But someone who is hosted on the same host could be hacked.
If a hacker gains shell access to the host, he can exploit not only the sites of one user, but all files on the current server.
PM me your site address. If your problem is the same as mine, I can help... Before this, 3 of my sites got hacked (same hosting).