1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

my site got injected!

Discussion in 'Blogging' started by mondmond88, Oct 15, 2009.

  1. mondmond88

    mondmond88 BANNED BANNED

    Joined:
    Apr 12, 2009
    Messages:
    200
    Likes Received:
    136
    when i log into my wordpress dashboard and left the page open,
    the page will automatically refreshes on its on

    and it will say
    transferring data from
    stripe.soul-network.de
    http://www.awltohvc.com

    and if i put those links into my new tab, i will get redirected to commision junction.
    so my site got injected with other people's code?
    how can i remove them?
     
  2. mondmond88

    mondmond88 BANNED BANNED

    Joined:
    Apr 12, 2009
    Messages:
    200
    Likes Received:
    136
    i checked my folders already
    only 3 plugins have the folders chmod to 777
    the others are all 755 or 644

    so i've changed the permisson for the plugins folders
    my htaccess is also 644

    i tried to check the codes to find the injected codes but couldn't find anything.
    is there any way to check my files easily so that i can remove them?
     
  3. cyrix

    cyrix Junior Member

    Joined:
    Sep 19, 2008
    Messages:
    179
    Likes Received:
    61
    Occupation:
    Full Time Internet Marketer\Developer
    Location:
    United States
    check your access and error logs, see if you can find where the intruder got in. look for local file inclusion attempts by searching for "../../../../" without the quotes. also keep a look out for a lot of errors that seem unusual.
     
  4. ericsson

    ericsson Elite Member Premium Member

    Joined:
    Apr 25, 2009
    Messages:
    2,642
    Likes Received:
    8,132
    Occupation:
    www
    Location:
    Swe
    Home Page:
    Delete the blog and do install everything again dude..

    If it´s injected.. SQLI then your are bambed :)

    //J
     
  5. trapmuzik

    trapmuzik Junior Member

    Joined:
    Mar 20, 2009
    Messages:
    192
    Likes Received:
    22
    it sounds like your wp-admin folder got hacked. you can just copy a new wp-admin folder over and see if that fixes it. you shouldnt have to reinstall
     
  6. macyzbor

    macyzbor Junior Member

    Joined:
    Jul 23, 2009
    Messages:
    147
    Likes Received:
    12
    Location:
    On the Sun
    what plugins did you used?
     
  7. JesusChristSr

    JesusChristSr Regular Member

    Joined:
    Jun 22, 2009
    Messages:
    258
    Likes Received:
    200
    Location:
    SLOTOWN
    One of my joomla sites got hacked awhile back cause I had some folders set to 777 for a component I was using. It was a major pain in the ass cleaning out all the code. Plus it too me 2 tries cause I didn't get it all the first time and was still getting the google malware warning. Trust me, if you have a back up copy of the site and will not lose that much data just us that. Trying to find and remove all the BS is totally sucks ass.
     
  8. ForeverNever

    ForeverNever Power Member

    Joined:
    Sep 17, 2008
    Messages:
    727
    Likes Received:
    365
    I think you mean to say Infected. Yeah just do what most of these guys are saying. Reset everything and make a new wp admin account.
     
  9. Nitros

    Nitros Power Member

    Joined:
    Jan 30, 2009
    Messages:
    573
    Likes Received:
    295
    Also make sure to check your computer for viruses and delete passwords from your ftp program.
     
  10. mondmond88

    mondmond88 BANNED BANNED

    Joined:
    Apr 12, 2009
    Messages:
    200
    Likes Received:
    136
    can i just simply copy a wp-admin folder and paste it over?
    will it affect my blog?

    i dare not delete cuz i've got bout 1000 post in it already. and im not very good with all these technical matters yet.
    afraid after deleting then my posts gonna go poof.
    LOL
    but i will try it on a new subdomain.

    i used many plugins
    but if you're asking bout the plugins which were chmod 777, i've stated it in my previous post
     
  11. mondmond88

    mondmond88 BANNED BANNED

    Joined:
    Apr 12, 2009
    Messages:
    200
    Likes Received:
    136
    i just did some checking
    the background loading of unidentified links only happen when im at Google XML sitemap plugin page.
    if i were at the dashboard or any other places, the background loading wouldnt' happen

    i checked the codes in the plugin folder for google sitemap generator and couldn't find the codes
    i will uninstall and reinstall a fresh copy of the plugin and see how it goes