1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

somone hacked my wordpress site - help

Discussion in 'Cloaking and Content Generators' started by djc225, Mar 20, 2013.

  1. djc225

    djc225 Junior Member

    Joined:
    Aug 18, 2011
    Messages:
    174
    Likes Received:
    14
    Home Page:
    i still have access and everything.. they just added this code to the homepage:

    Code:
    <div id='hideMe'> <p><i> Payday Loans No Credit Checks <a href="[URL="http://www.blackhatworld.com/blackhat-seo/view-source:http://www.noteletrackcash4ps.com/"]http://www.noteletrackcash4ps.com/[/URL]" title="Payday Loans No Credit Checks">Payday Loans No Credit Checks</a></div><script type='text/javascript'>if(document.getElementById('hideMe') != null){document.getElementById('hideMe').style.visibility = 'hidden';document.getElementById('hideMe').style.display = 'none';}</script><div id="page" class="hfeed"> 	<header id="branding" role="banner">
    how could they do that, how do i remove it and how do i make sure it doesnt happen again?
     
  2. MysteryGuest

    MysteryGuest Registered Member

    Joined:
    Mar 7, 2013
    Messages:
    63
    Likes Received:
    18
    Occupation:
    Freelancer
    Location:
    Virtual World!
    Hello djc225, could you please send me the URL of you're domain? because of the rules you cant give the URL to me in this topic, so you may want to consider adding me! Skype: mysteryguest18. I can run full diagnostics if you give me the URL. sorry I cant give you my E-Mail because of the limits on this account that I currently have.
     
  3. djc225

    djc225 Junior Member

    Joined:
    Aug 18, 2011
    Messages:
    174
    Likes Received:
    14
    Home Page:
    can someone with some credibility please chime in...
     
  4. davids355

    davids355 Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 25, 2011
    Messages:
    9,231
    Likes Received:
    6,801
    Home Page:
    Probably out of date Wordpress.
    Goto appearance and editor, then look in the header file, it's probably in there.

    Remove, then update WP, all your plugins and themes then you should be good.

    If you stuck, PM me wp login, FTP and SQL access and ill do for you tomorrow.
     
  5. MysteryGuest

    MysteryGuest Registered Member

    Joined:
    Mar 7, 2013
    Messages:
    63
    Likes Received:
    18
    Occupation:
    Freelancer
    Location:
    Virtual World!
    well, if you have any plugins it's probably that. wordpress itself is mostly fine... even because of custom themes a wordpress domain can be exploitable, as I said before I can help you. I can run full diagnostics and show you exactly where the problem lies. Why looking every single file to check where the vulnerability lies. just send a pm of your domain name, and I give you the results in 1 hour.
     
  6. ija61

    ija61 Senior Member

    Joined:
    Mar 2, 2011
    Messages:
    964
    Likes Received:
    634
    Gender:
    Male
    Occupation:
    The first SEO economist:)
    Location:
    Romania
    Home Page:
    Make a search and see if you can get any information about this on the web... search for the website/ code segments ...etc

    Clean your PC... run a complete scan with an up to date antivirus... I will go further and format the entire PC... but...

    I will suggest that download the website and manually check all your files.. you can use Notepad++ for this. Do this on local.

    Change all the passwords....

    Then upload the website again and you should be done....

    There are many things that can bring you to that... It's also happen to me once and the problem was from an old version of FileZilla.

    But as I said first try to find what is the cause and then take all the measure... do not get lazy and take drastic measure to be sure
     
  7. The Engineer

    The Engineer Newbie

    Joined:
    Mar 20, 2013
    Messages:
    4
    Likes Received:
    0
    Occupation:
    Student
    Location:
    Russia
    Well they probably ejected CSS and Js code on your style.css file and index file. You must need a professions to do this job. But before everything keep a backup for your files.
     
  8. theAngle

    theAngle Junior Member

    Joined:
    May 19, 2012
    Messages:
    118
    Likes Received:
    53
    Occupation:
    Web Developer
    If you need help, PM me. I cant see your site, but I know all the vulnerability of the Wordpress. Once you close the holes this will never happen again. You need to take some precautions to avoid such a thing.
     
  9. MysteryGuest

    MysteryGuest Registered Member

    Joined:
    Mar 7, 2013
    Messages:
    63
    Likes Received:
    18
    Occupation:
    Freelancer
    Location:
    Virtual World!
    Mwehh thanks for clearing it out! wordpress: themes, plugins are bad... wordpress is fine. and yes The Engineer is right you wont be able to solve this problem if you don't have any knowledge on these things. Though still willing to give you the results or even help you fix it. all I need is the URL
     
  10. Batty

    Batty Newbie

    Joined:
    Dec 15, 2012
    Messages:
    32
    Likes Received:
    7
    Occupation:
    ebay
    Location:
    UK
    Some great advice, the more plug in the less secure a site seems to be. User names and passwords should be complicated also. Hope you get it fixed.
     
  11. sforzando

    sforzando Jr. VIP Jr. VIP Premium Member

    Joined:
    May 27, 2011
    Messages:
    368
    Likes Received:
    120
    Since I don't know jack about PHP/HTML/CSS, I use a Windows tool called GREP to search for strings in text files I want to edit. In this case I'd download the entire theme folder to desktop using FTP, and scan the entire folder with GREP for the string in question. Then modify what you need.

    You can also download the TAC plugin (theme authenticity checker) to check where external links are found. Another good one is Timthumb scanner, which will check if you have an exploitable timthumb.php file.

    Changing passwords for FTP, e-mail, wordpress logins also recommended.

    If you think this is due to a local infection (password sniffer, trojan, etc):

    Scan your computer with malware bytes and preferably another antivirus. A hacker could easily sniff FTP and passwords stored in web browsers, so you'd better change your passwords for everything. Also, update Java to the latest version, as there is an exploit for an older version.

    What happened to me around Christmas of last year was this. I got hit by a Java driveby, which is a script that uses a Java exploit to install files onto your computer without you seeing anything. The file turned out to be a virus, and I deleted it. So far, so good. Next day, my wordpress sites all were redirected to a site that ran a Java driveby. I got infected again since I visited my own site and was redirected. I removed the virus for the second time, upgraded Java, asked my webhost provider to sweep my domains for infections, and everything was OK.
     
  12. tnhomestead

    tnhomestead Regular Member

    Joined:
    Oct 9, 2011
    Messages:
    385
    Likes Received:
    253
    Location:
    Tenneessee USA
    Home Page:
  13. mralexander

    mralexander Newbie

    Joined:
    Dec 10, 2011
    Messages:
    18
    Likes Received:
    4
    Occupation:
    webmaster
    Location:
    world
    check your wp-config.php first
    usually a hackcode located there.
     
  14. mission

    mission Newbie

    Joined:
    Sep 9, 2009
    Messages:
    39
    Likes Received:
    20
    Occupation:
    IM
    Location:
    canada
    Home Page:
    my guess is the header.php file, Once you have done all the updates I'd install bulletproof security plugin.
     
  15. xasjmak

    xasjmak Newbie

    Joined:
    Dec 28, 2007
    Messages:
    47
    Likes Received:
    7
    Home Page:
    This thing often happened to me when my site ranked well for very commercial keywords, the best thing to do before you find a real solution to secure your website against hacking or something like that is : back up your entire site.
    It shoud help you when it happen! cheers.
     
  16. tompots

    tompots Elite Member Premium Member

    Joined:
    Dec 11, 2011
    Messages:
    4,355
    Likes Received:
    3,961
    Gender:
    Male
    Occupation:
    Full Time Bot Developer
    Location:
    Automation Alternatives
    Home Page:
    That's a bummer, but with wordpress it has to be expected. When I create a new wordpress site I install BP security plugin. (only install on a new site)
     
  17. seojessica

    seojessica Newbie

    Joined:
    Mar 20, 2013
    Messages:
    29
    Likes Received:
    0
    Occupation:
    business owner
    Location:
    Portland
    Don't use wordpress (OWNED).