1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Wordpress blog Hacked!!!

Discussion in 'Blogging' started by speedy5044, Apr 20, 2011.

  1. speedy5044

    speedy5044 Regular Member

    Joined:
    Jul 29, 2008
    Messages:
    456
    Likes Received:
    993
    Occupation:
    IM
    Hi
    I keep finding this iframe in my index page (not in the theme , but in the wordpress directory) i tried to remove the code but it keep getting back , i even searched for the link in the DB but without any luck , any idea how to fix that?
    Thanks
     
  2. roamer

    roamer Power Member

    Joined:
    Dec 2, 2008
    Messages:
    500
    Likes Received:
    479
    Occupation:
    Gfx designer, vfx and mgfx
    Location:
    plɹoʍ ǝɥʇ punoɹɐ ƃuıɯɐoɹ
    Look inside your css files. Also, try to find how is your account being accessed (shell scripts, etc.).
     
    • Thanks Thanks x 1
  3. speedy5044

    speedy5044 Regular Member

    Joined:
    Jul 29, 2008
    Messages:
    456
    Likes Received:
    993
    Occupation:
    IM
    Thanks , but can you please explain more :p im not good in programming , i have loked in the css files and everything is normal .
     
  4. Scripteen

    Scripteen Elite Member

    Joined:
    Sep 19, 2009
    Messages:
    1,811
    Likes Received:
    1,918
    Home Page:
    One of your plugins is not secure. I'd deactivate and remove them all and force wordpress update (even if there is no update so you get all the files replaced automatically).

    This way you close the door for the malicious code (hopefully) then you get time to think which plugin is not reliable.
     
    • Thanks Thanks x 3
    Last edited: Apr 21, 2011
  5. speedy5044

    speedy5044 Regular Member

    Joined:
    Jul 29, 2008
    Messages:
    456
    Likes Received:
    993
    Occupation:
    IM
    Thank you so much , it worked like a charm :D we have to be careful when installing some plugins :eek:
     
    Last edited: Apr 21, 2011
  6. roamer

    roamer Power Member

    Joined:
    Dec 2, 2008
    Messages:
    500
    Likes Received:
    479
    Occupation:
    Gfx designer, vfx and mgfx
    Location:
    plɹoʍ ǝɥʇ punoɹɐ ƃuıɯɐoɹ
    I'm glad to know you could solve your problem with Scripteen's help (awesome member, btw). If possible, could you let bhw members know what the malware ridden plugin was?. It may help more than one here.
     
  7. Scripteen

    Scripteen Elite Member

    Joined:
    Sep 19, 2009
    Messages:
    1,811
    Likes Received:
    1,918
    Home Page:
    The plugin itself may not include malicious code but it is the reason why the hacker can insert the malicious code in the database or add it to template files.

    Always make sure you download a plugin that has been there for few months. the more popular it becomes, the more it becomes updated and secure.
     
  8. fantasy_andrei

    fantasy_andrei Newbie

    Joined:
    Apr 22, 2011
    Messages:
    18
    Likes Received:
    0
    most probably you have a vulnerability on you site ... on the teamplate ...
     
  9. zen19

    zen19 Elite Member

    Joined:
    Mar 31, 2009
    Messages:
    1,671
    Likes Received:
    4,052
    Occupation:
    LOL ya right
    Location:
    International Waters
    TBH, I usually see this type of iframe injection as a result of a keylogger on your local system hoovering up your ftp passwords. There is malware just for this purpose.