1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Most of my sites hacked

Discussion in 'Black Hat SEO' started by moneymachine01, Sep 30, 2011.

  1. moneymachine01

    moneymachine01 Regular Member

    Joined:
    Sep 2, 2009
    Messages:
    339
    Likes Received:
    75
    I noticed most of my wordpress sites got hacked some how. They are loading up a bunch of urls in the status bar that I've never seen before. Most of the time they redirect to some other page. I have no idea how to fix it either. :(
     
  2. Expertpeon

    Expertpeon Elite Member

    Joined:
    Apr 22, 2011
    Messages:
    1,959
    Likes Received:
    1,187
    wipe, reinstall from backups?
     
  3. hustlehardx

    hustlehardx Newbie

    Joined:
    May 27, 2011
    Messages:
    19
    Likes Received:
    3
    for a small fee i will look into this for you with your permission.

    I have years experience in server security with both linux and windows machines. I am a IT professional by career, and if I cant fix it it's free (i'm 150% confident I can fix it for you). this will keep you from doing a wipe


    p/m me if interested
     
  4. TermsB

    TermsB Senior Member

    Joined:
    May 19, 2009
    Messages:
    1,076
    Likes Received:
    734
    Location:
    USA
    Most likely through a plugin or lack of updating.
     
  5. moneymachine01

    moneymachine01 Regular Member

    Joined:
    Sep 2, 2009
    Messages:
    339
    Likes Received:
    75
    All of the sites had the latest version of wordpress if that makes a difference. :confused:
     
  6. hustlehardx

    hustlehardx Newbie

    Joined:
    May 27, 2011
    Messages:
    19
    Likes Received:
    3
    If they took all of your websites its possible they have access to the server. Let me know. It's hard these days with newer distros to edit multiple sites recursively unless you have all files chmod'd to write
     
  7. moneymachine01

    moneymachine01 Regular Member

    Joined:
    Sep 2, 2009
    Messages:
    339
    Likes Received:
    75
    Strange but all of the symptoms went away suddenly. Almost like the hack only works at certain times or something. I did see an "OwNeD.php" in my sites.
     
  8. hustlehardx

    hustlehardx Newbie

    Joined:
    May 27, 2011
    Messages:
    19
    Likes Received:
    3

    that could be a PHP shell... can you give us the source of that file?
     
  9. jason2009

    jason2009 Senior Member

    Joined:
    Apr 23, 2010
    Messages:
    1,005
    Likes Received:
    206
    Occupation:
    Student
    Location:
    Earth
    At first check your theme and installed plugins. May be any of them containing hacking code or venerable. Delete any free plugins which is not from wordpress.org. And obviously check your theme ............
     
  10. moneymachine01

    moneymachine01 Regular Member

    Joined:
    Sep 2, 2009
    Messages:
    339
    Likes Received:
    75

    pm sent
     
  11. moneymachine01

    moneymachine01 Regular Member

    Joined:
    Sep 2, 2009
    Messages:
    339
    Likes Received:
    75

    The sites have different themes. I think this will be difficult to diagnose if the redirects only happen during certain times which seems to be the case.
     
  12. jethro

    jethro Regular Member

    Joined:
    Jun 20, 2011
    Messages:
    300
    Likes Received:
    48
    Occupation:
    Information Technology
    take a look at this fantastic 3d...it should help you to prevent this type of problem!

    Code:
    http://www.blackhatworld.com/blackhat-seo/blogging/342881-important-secure-your-wp-bastards-noobs-not-only.html
     
  13. sikandar

    sikandar Senior Member

    Joined:
    Mar 15, 2008
    Messages:
    1,097
    Likes Received:
    1,003
    One of the common causes is when you store passwords for FTP on your computer. There are some trojans which steal these passwords and hack your blogs. Check it for yourself if that is the problem with you. Also use secured FTP for better security.
     
  14. phpbuilt

    phpbuilt Jr. VIP Jr. VIP

    Joined:
    May 16, 2011
    Messages:
    1,650
    Likes Received:
    5,208
    Occupation:
    $ from websites I own.
    Location:
    putting monkeys in paypal
    Most hacks nowadays are "clever", they set a cookie so that it doesn't keep popping the same thing up on you -- you think its fixed but its only because you got the cookie, someone else visiting fresh will not have the cookie and it will pop up on them.

    It is probably a problem with one of your plugins, are they all updated as well?