1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Everyone of my wordpress sites got hacked with this....

Discussion in 'Blogging' started by angelas111, Aug 29, 2010.

  1. angelas111

    angelas111 Jr. VIP Jr. VIP Premium Member

    Joined:
    Jan 4, 2009
    Messages:
    1,569
    Likes Received:
    1,016
    Location:
    ohio
    if i am not allowed to post this here. please remove or let me know. but all the sites were on the same server. this was injected into all of the index.php files. i have since deleted it from all of them and sites are back to normal. but does anyone know how this can happen? it happened to every site on that hosting account.
     
  2. volund

    volund Senior Member

    Joined:
    Jan 24, 2010
    Messages:
    1,158
    Likes Received:
    728
    Occupation:
    Trying to make a buck or two
    Location:
    NW Arkansas
    Most likely it came from your computer. There are a few out there that will steal your ftp passwords and load a trojan to all of your sites.

    You need to make sure that your computer is 100% clean. In addition to your anti-virus also check with malwarebytes and superantispyware.

    Once your computer is clean you need to change all of your ftp passwords and then check all the files on your site paying special attention to all the index pages (not just the main ones) and all your .js files. You should also change your admin password and your database password as well.

    If you have recent backups then just delete the files and upload the clean ones. If not download the files to your computer and check them using window grep for the malicious code and then upload when clean.
     
  3. seorebel

    seorebel Junior Member

    Joined:
    Aug 15, 2008
    Messages:
    174
    Likes Received:
    920
    Since it's a wordpress blog, I find it more likely that there is a flaw in the security of one of your plugins.. Make sure that you are running the latest Wordpress version, and that all plugins are up to date.
     
  4. mil0x

    mil0x Power Member

    Joined:
    May 27, 2008
    Messages:
    702
    Likes Received:
    643
    Occupation:
    ??
    Location:
    Somewhere on the net..
    Run MalwareBytes and look at your FTP logs.. I caught a similar thing a while ago (causing iframes on all of my sites and BSOD's), in the end I had to throw my computer away, god that was a 'good' virus, couldn't access anything anymore, it'd just crash. So if there's nothing happening with your computer yet, try as much as you can to get rid off the virus. It could also be a hacked server on your hosts end.
     
  5. RamChaturvedi

    RamChaturvedi Supreme Member

    Joined:
    Apr 7, 2009
    Messages:
    1,359
    Likes Received:
    436
    Occupation:
    Internet Marketing
    Location:
    Undetected
    Some days back 1 of my sites also got hacked. Though only the index.php was changed from the hacker and database was kept intact i saw. I just downloaded the whole database and had it scanned from Kaspersky and it found tons ofVvirus/Trojan.

    I contacted the hosting provider and he told me that its becoz of the Plugins i use. Now i run over 25 plugins on my WP blogs. Dont really know which one was infected!! :|
     
  6. RAYRAY7

    RAYRAY7 Regular Member

    Joined:
    Nov 17, 2007
    Messages:
    305
    Likes Received:
    196
    This recently happened to one of my site and the person left a calling email from Turkey. My suspicion falls on proxy usage. The way i understand it, the proxy site can capture anything you type into your browser.

    Becareful, what proxies you use or delete the proxy before punching in your sensitive password.
     
  7. tnenad

    tnenad Regular Member

    Joined:
    Jul 13, 2009
    Messages:
    214
    Likes Received:
    174
    Location:
    Serbia
    For better protection I recommend you to use Vmware just for FTP ;)
     
  8. angelas111

    angelas111 Jr. VIP Jr. VIP Premium Member

    Joined:
    Jan 4, 2009
    Messages:
    1,569
    Likes Received:
    1,016
    Location:
    ohio
    wow, 3 years later. i totally forgot about this. a couple of my wordpress sites got hacked again and i googled fisherstan.ru and this thread was the first result. wow, it bit me again.
     
    Last edited: Apr 3, 2013
  9. BFHoodn!nja

    BFHoodn!nja Regular Member

    Joined:
    Jun 18, 2011
    Messages:
    246
    Likes Received:
    89
    Happened to me, downloaded a few nulled wordpress themes and they ran scripts on my hosting shutting down the whole shared hosting server.
    I diddn't even have the theme installed, it was just sitting in my wordpress folder with no use for it. Luckily I make backups once a week
     
  10. ID Internet Marketer

    ID Internet Marketer Senior Member

    Joined:
    Jan 22, 2013
    Messages:
    938
    Likes Received:
    1,442
    Occupation:
    Blackhatworld Member
    Location:
    My Private ***
    I believe you got LFI or RFI.
     
  11. thatotherguy

    thatotherguy Power Member

    Joined:
    Mar 4, 2012
    Messages:
    555
    Likes Received:
    249
    Happened to me also before. Different wordpress website were being hacked.
     
  12. Grimpster2013

    Grimpster2013 Newbie

    Joined:
    Apr 3, 2013
    Messages:
    16
    Likes Received:
    1
    Wow. That sucks. I hope you backed up all of your info. My old host got hacked regularly, I moved quickly to switch hosts.