1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Wordpress Template Hacked????

Discussion in 'Web Design' started by idmercu, Oct 25, 2012.

  1. idmercu

    idmercu Newbie

    Joined:
    May 15, 2012
    Messages:
    46
    Likes Received:
    3
    My wordpress template that I downloaded from mediafire via BHW may have a hack or something attached to it. I cannot remove it. dogsforsaleincolumbusohio/dot/kom
    Its in the top left corner. Says something like 'the documents have moved here:' with a link to a crazy domain ww10opengraph, some BS. Anyways any advice on how to remove it. I looked in the template editor and style.css. Please help me get rid of it. Will give thanks and rep for any help and advice.:)

    ty.
     
  2. gundamwing

    gundamwing Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 18, 2008
    Messages:
    1,274
    Likes Received:
    913
    you had been hacked.
    check your index.php on wordpress or any
    better remove all public_html
     
    • Thanks Thanks x 1
  3. puneetas3

    puneetas3 Senior Member

    Joined:
    Jan 8, 2012
    Messages:
    876
    Likes Received:
    384
    Probably check the functions.php file. He may have a hook in there.

    Also install Windws Grep on your computer and then search the folder of the theme with it for the external url. It will show up in which file the url is located and you can remove that.
     
    • Thanks Thanks x 1
  4. tnhomestead

    tnhomestead Regular Member

    Joined:
    Oct 9, 2011
    Messages:
    385
    Likes Received:
    253
    Location:
    Tenneessee USA
    Home Page:
    It is in the main php file for your template, look for this line should be a 5 min fix at most. Doesnt look like you were hacked. looks like someone added it to the theme files

    <p>The document has moved <a href="http: //ww10 dot opengraphs dot org">here</a></p>
    its in the header just above the head tag
     
    • Thanks Thanks x 1
    Last edited: Oct 25, 2012
  5. tchalango

    tchalango Newbie

    Joined:
    Oct 16, 2012
    Messages:
    14
    Likes Received:
    8
    Check also the databas
    The latest malware get hiden in the databas in an encrypted way
     
    • Thanks Thanks x 1
  6. idmercu

    idmercu Newbie

    Joined:
    May 15, 2012
    Messages:
    46
    Likes Received:
    3
    Thanks for the responses. Still stumped. I tried everything you guys above mentioned. Gave thx and rep still. Anyone else that has an Idea plz share. I also would hate for anyone else to have to go thru this. This thread where I downloaded this is still up for others to get duped.
     
  7. ice41

    ice41 Power Member

    Joined:
    Aug 18, 2012
    Messages:
    783
    Likes Received:
    248
    Occupation:
    Web Designer
    Location:
    Land of Pineapples
    For further checking scan your site here
    Code:
    http://sucuri.net/
     
    • Thanks Thanks x 1
  8. tchalango

    tchalango Newbie

    Joined:
    Oct 16, 2012
    Messages:
    14
    Likes Received:
    8
    Because more is better
    Here you have like 5 virus scanner
    Some very good in javasript

    Wepawet
    JSunpack
    Quttera
    Zulu
    Unmask Parasites
    Comodo

    I advice to test all lol for better reliability
     
    • Thanks Thanks x 1
  9. idmercu

    idmercu Newbie

    Joined:
    May 15, 2012
    Messages:
    46
    Likes Received:
    3
    I just ran a search on all the files in the theme and cannot find the spam hack link. The system just keeps saying no records found. But hpw could that be when it is obviously right there on the front page? Any ideas??
     
  10. tchalango

    tchalango Newbie

    Joined:
    Oct 16, 2012
    Messages:
    14
    Likes Received:
    8
    In the database
     
    • Thanks Thanks x 1
  11. idmercu

    idmercu Newbie

    Joined:
    May 15, 2012
    Messages:
    46
    Likes Received:
    3
    Sorry for the novice question but how do I find it in the Database? Explain it to me like I'm a 3rd grader. (credit Denzel)
     
  12. tchalango

    tchalango Newbie

    Joined:
    Oct 16, 2012
    Messages:
    14
    Likes Received:
    8
    can you pm me a way to communicate with you better than here
     
  13. srb888

    srb888 Elite Member

    Joined:
    Jul 30, 2008
    Messages:
    3,260
    Likes Received:
    5,067
    Gender:
    Male
    Occupation:
    WebzSurfer
    Location:
    Sun, Mon, Tue, WTF, Sat!!! :)
    One cause: TimThumb
    Mine was hacked because the template creator didn't checked for timthumb loophole. Bad luck gone too bad -- had actually purchased the WP template!

    This plugin may help you before it's too late -- next time.
    WP Plugin:
    timthumb-vulnerability-scanner
     
    • Thanks Thanks x 1
    Last edited: Oct 26, 2012
  14. ballu84

    ballu84 Newbie

    Joined:
    Oct 28, 2012
    Messages:
    12
    Likes Received:
    2
    yea, always scan timthumber with wp sites.
     
    • Thanks Thanks x 1
  15. goyat

    goyat Junior Member

    Joined:
    Dec 8, 2011
    Messages:
    137
    Likes Received:
    28
    Occupation:
    Blogger
    Location:
    India
    Home Page:
    What about me guys :( . I just checked DB of my blog and found some suspected urls.How to remove these .Check SS :-
    View attachment untitled.bmp
     
  16. goyat

    goyat Junior Member

    Joined:
    Dec 8, 2011
    Messages:
    137
    Likes Received:
    28
    Occupation:
    Blogger
    Location:
    India
    Home Page:
    Guys is anyone there to help me out :( ?
     
  17. srb888

    srb888 Elite Member

    Joined:
    Jul 30, 2008
    Messages:
    3,260
    Likes Received:
    5,067
    Gender:
    Male
    Occupation:
    WebzSurfer
    Location:
    Sun, Mon, Tue, WTF, Sat!!! :)
    No one really can unless you let some expert check it out. But there must be help topics in plenty on G Search, and one of the best things to do initially is to ask your hosting support team to look into your site.

    Not that they will be able to find much, most probably they will ask you to restore an earlier backup, do some changes to the htaccess, check the folder/file permissions, remove some files, even clean up your entire website and restore it afresh, and ofc, change password/s.

    I did everything on my own when my web host gave me a hint of being under attack due to timthumb presence... I had a clean backup. Do you also have a backup, btw?
     
    • Thanks Thanks x 1
  18. goyat

    goyat Junior Member

    Joined:
    Dec 8, 2011
    Messages:
    137
    Likes Received:
    28
    Occupation:
    Blogger
    Location:
    India
    Home Page:
    Yup I have a backup .Thanks for your help bro :)
     
    • Thanks Thanks x 1