1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[hacked] Need Help with my wordpress site

Discussion in 'Black Hat SEO Tools' started by bhavik85, May 2, 2015.

  1. bhavik85

    bhavik85 Junior Member

    Joined:
    Dec 31, 2010
    Messages:
    164
    Likes Received:
    27
    Gender:
    Male
    Location:
    India
    Home Page:
    I am running a wordpress website. recently I checked that when I login to my wordpress admin, it sends email to someone with admin credentials. Below is the mails which is being sent. I scanned my php files but I could not find anything mentioning these details. Please help me how can I stop it...It keeps sending emails from my host account and gets my domain blacklisted in spamhaus.

    ------------------+ WordPress Account +-----------------
    Forum URL : http://www.****.com/wp-login.php
    Email : admin
    Password : ****
    ----------------------- By safa7_22 --------------------------
    Victim IP : 49.13.61.45
    HostName : 49.13.61.45
    -------------------+ Created By safa7_22 +--------------------
     
  2. atoneus

    atoneus Newbie

    Joined:
    Dec 10, 2013
    Messages:
    23
    Likes Received:
    1
    Gender:
    Male
    Location:
    Vietnam
    Home Page:
    maybe your pc is infected
     
  3. roadhamster

    roadhamster Regular Member

    Joined:
    Mar 12, 2012
    Messages:
    335
    Likes Received:
    242
    Seems like you html is infected with a javascript that gets your username and password.
    Check out your source html, if you can't find anything check it live with "inspect element" in firefox or chrome. Maybe the script is injected dynamically. You could pm me the link and I'll check it out.
     
  4. blackpayman733

    blackpayman733 BANNED BANNED

    Joined:
    Aug 9, 2009
    Messages:
    5,194
    Likes Received:
    1,232
    Gender:
    Male
    it's malware , contact your hosting provider and ask them to scan,
     
  5. CodeBreaker007

    CodeBreaker007 Newbie

    Joined:
    Apr 23, 2015
    Messages:
    6
    Likes Received:
    0
    Its some script in your theme files just google it or contact your wordpress theme owner and I am sure you willl get a solution
     
  6. GraveDigger00

    GraveDigger00 Registered Member

    Joined:
    Jul 24, 2011
    Messages:
    88
    Likes Received:
    9
    Location:
    ND, USA
    Oh man, never seen that one, that's messed up. I have been hacked many a times in my day. You probably got a SQL injection. Fiverr has hack cleaning gigs that I have used before, and no they are not mine lol. Search google for cleaning it, sometimes you have to just search your files on the back end for specific code, its usually pretty easy to find acutally. Make sure you have Wordfence installed as a plugin, that also has a file modification scanner, and it's just a good security plugin. Your hosting probably wont do anything unless you have a managed hosting that you are paying extra for. I highly, highly doubt is something on your local desktop, but I would run your scans on your main website editing PC anyway cause you never know.
     
  7. TheEarner

    TheEarner Newbie

    Joined:
    Jul 7, 2014
    Messages:
    21
    Likes Received:
    4
    Contact this guy on fiverr to get it fixed e_websolutions
     
  8. hagoodatthowe

    hagoodatthowe Newbie

    Joined:
    Dec 22, 2014
    Messages:
    12
    Likes Received:
    2
    Best way contact ur hosting provider
     
  9. 67MAD54

    67MAD54 Regular Member

    Joined:
    Dec 8, 2013
    Messages:
    245
    Likes Received:
    75
    Location:
    UK
    I have been hacked in the past. Using nulled themes and pirated themes/plugins can cause this. Most of the time the hackers add some encrypted code to one of the php files. If you are doing this on your own make a backup and start from fresh, only add genuine files and plugins direct from the developers. Also check your database for any other users or outbound/inbound links that should not be there. Would be best to download it from the server and inspect it with Notepad++. As others have suggested also use the Chrome inspect element as this can show the outbound links or embedded functions within a page.

    Even though its a pain in the arse I have always enjoyed the challenge :)

    Good luck.
     
  10. Zwielicht

    Zwielicht Moderator Staff Member Moderator Jr. VIP

    Joined:
    Aug 31, 2013
    Messages:
    6,640
    Likes Received:
    11,780
    Gender:
    Male
    Occupation:
    Private Investigator
    Location:
    Riverside, California
    Home Page:
    How big is your site? If your web host cannot help, you don't have the budget to pay someone to fix the problem for you, and your site is small, then you should just do a clean install of the database and Wordpress CMS. At the very least, start by trying to delete plugins and theme files and then reinstalling them to see if that corrects the issue.

    Perhaps the suggestions I made in this post will help you as well:
     
  11. jerrymc

    jerrymc Regular Member

    Joined:
    May 7, 2014
    Messages:
    465
    Likes Received:
    69
    Location:
    Earth
    That is a malware attack. Better contact your hosting provider.

    Leverage your security capabilities next time OP. :)
     
  12. hanssolo

    hanssolo Jr. VIP Jr. VIP

    Joined:
    Oct 23, 2012
    Messages:
    585
    Likes Received:
    61
    Probably a SQL injection by a script kiddy or could be something worse. Either way, if you're on shared ask your host for help. Meanwhile, you need to protect your /wp-admin directory and upgrade WP.
     
  13. designcock

    designcock Junior Member

    Joined:
    Jul 30, 2014
    Messages:
    179
    Likes Received:
    14
    i can help you with this PM me if you need help
     
  14. avidtech

    avidtech Newbie

    Joined:
    May 4, 2015
    Messages:
    2
    Likes Received:
    0
    Seems that it is easy to hack unless you get the basics up front like using plugin "All in one Security" make sure to change you SQL prefix from the lame hack invitation of" wp_"to anything but, the longer the better. I also found the plugin "Zero Spam" is great for stopping user registration hack attacks and comment flames.
    Finally anyone using "admin" as the user name is begging to get done like a dinner.

    Best cure for any hack is an off line back up either on S3 or similar or to your PC but better to burn to CD after checking for virus and maware junk.
    If you suspect your PC is giving your website the virus then run avast,malwarebytes and essential to run Spybot search and destroy.

    In Cpanel you will also find a virus scanner which is strong enough to find bad scripts and don't forget to login to webmail and delete all the spammy mails which have virus attached and then use spam assassin and box top or verification to stop this method of getting into your website.

    Like wise if you need help PM me and I will help you to fix this mess, free of course.
     
  15. Marxx

    Marxx Newbie

    Joined:
    May 16, 2013
    Messages:
    15
    Likes Received:
    4
    I have faced something similar with nulled items.
     
  16. lord1027

    lord1027 Elite Member

    Joined:
    Sep 20, 2013
    Messages:
    3,177
    Likes Received:
    2,238
    Yes, very easy to do. Someone once asked me to do fix for him on his website and provided FTP login, but not WP and I needed those too. It's very easy to create a WP account if you have access to FTP (or if you share a "modified" premium plugin).