1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

wp 3.0.1 MS infected with malware.

Discussion in 'Blogging' started by gahoachma, Aug 6, 2010.

  1. gahoachma

    gahoachma Junior Member

    Joined:
    Dec 16, 2009
    Messages:
    126
    Likes Received:
    21
    Home Page:
    its WP 3.XX + buddypress.

    But yah all of my 2000+ blogs are now infected with malware.

    Anyone want to tell me where to start? Cleaning this BS up?

    I deleted and reinstalled all my themes and no help, so that isn't the problem it must be deeper.

    Wish I had the mind for PHP right about now..

    Or was a licensed private investigator/bounty hunter. Mmmm If I could find this person, I'd do very evil things.. But oh well lol!.

    Anyways anyone care to *help* abit!? The users at wordpress sure as hell aren't helping. Maybe a fellow BHer that does this crap would care to enlighten me? :7:
     
  2. Kingfresh

    Kingfresh Regular Member

    Joined:
    Jul 8, 2009
    Messages:
    374
    Likes Received:
    295
    only solution is the delete all files and create upload newone ... also check mysql database ... AND change passwords!
     
  3. Crixus

    Crixus Regular Member

    Joined:
    Jul 10, 2010
    Messages:
    409
    Likes Received:
    119
    Occupation:
    Jack of all trades, master of a couple.
    Location:
    the ludus
    You'll have to manually fix one, and then you may be able to automate fixing the rest. Different exploits do different things. Some are just js injection, others get deep into your db and set up backdoors, etc.
     
  4. gahoachma

    gahoachma Junior Member

    Joined:
    Dec 16, 2009
    Messages:
    126
    Likes Received:
    21
    Home Page:
    Since I'm not a programmer, this is gonna be rather expensive.. *sigh*
     
  5. gregstereo

    gregstereo Elite Member

    Joined:
    Oct 5, 2009
    Messages:
    1,833
    Likes Received:
    1,027
    Occupation:
    I'm known to locate certain things from time to ti
    Location:
    Moose Factory, ON
    You could start by googling or otherwise finding the my wp site has been hackked doc in wordpress dot org / codex. They have some pretty decent docs linked in there as well as some steps you could probably do yourself. Or at least outsource for a reasonable price. Since there's so many wp installs out there that means a fair # of us who have been hit by similar exploits.

    The best free advice I can give is also step 1 in the codex - don't panic.
    Posted via Mobile Device
     
  6. leolion

    leolion Junior Member

    Joined:
    Jul 3, 2010
    Messages:
    107
    Likes Received:
    27
    have you tried reinstalling ur wordpress core files? how do you manage 2000+ blogs?
     
  7. gahoachma

    gahoachma Junior Member

    Joined:
    Dec 16, 2009
    Messages:
    126
    Likes Received:
    21
    Home Page:
    Thanks for the advice even though I already got it from my web hosts support system.

    They gave me numerous helpful links. Although mostly nothing I can do myself. Or dare to do myself. I ruined the site once myself, don't care to do it again its depressing. :rolleyes:
     
  8. gahoachma

    gahoachma Junior Member

    Joined:
    Dec 16, 2009
    Messages:
    126
    Likes Received:
    21
    Home Page:
    Nope. I did look thru the wordpress config file and didn't find anything unusual. Or than that I'm afraid to do that, I might perm break something. lol.

    So far as managing the 2k+ blogs? Not so much. *idiot* I've gone thru and noticed a few link farm pages and deleted them.

    There is another plugin I need..
     
  9. gahoachma

    gahoachma Junior Member

    Joined:
    Dec 16, 2009
    Messages:
    126
    Likes Received:
    21
    Home Page:
    P.S. Thanks for all the replies and help, I tried to get the same thing on wordpress.org's forums and got total silence. "OpenSource" is great N all, but I've noticed some of the people involved can be lets say, on a higher horse than the Queen Of England.

    #1 Don't panic.
    #1.2.5 Don't give up and get depressed.
    #2 I think the giving up part is worse than the panicking part. Freak out, then get on with business..
    #3 yep.
     
  10. origin

    origin Regular Member

    Joined:
    Nov 11, 2008
    Messages:
    334
    Likes Received:
    90
    Home Page:
    #4 You can find any help here.

    Check your plugin compatibility with newer WP version, this is a hole when it's not guarantee of 100% compatible.
     
    • Thanks Thanks x 2
  11. greentitanium

    greentitanium Senior Member

    Joined:
    Feb 8, 2010
    Messages:
    1,141
    Likes Received:
    213
    Occupation:
    Prob the same as yours
    Location:
    Great Lakes & RTP
    i always wondered if you could download your complete site to your desktop and then scan it with a anti-virus to find the issue??
     
  12. gahoachma

    gahoachma Junior Member

    Joined:
    Dec 16, 2009
    Messages:
    126
    Likes Received:
    21
    Home Page:
    NextGEN Gallery & WordPress.com Stats is all I had installed at the time.
     
  13. gregstereo

    gregstereo Elite Member

    Joined:
    Oct 5, 2009
    Messages:
    1,833
    Likes Received:
    1,027
    Occupation:
    I'm known to locate certain things from time to ti
    Location:
    Moose Factory, ON
    Backups of the dbase and the wp files are good to grab before you try to fix a hack, but if hackers have gotten into your database (e.g. inserting an admin user), your scenario really won't eradicate the buggers.
     
  14. gahoachma

    gahoachma Junior Member

    Joined:
    Dec 16, 2009
    Messages:
    126
    Likes Received:
    21
    Home Page:
    No won't work different operating systems. Thankfully even *I* can't download my mysql database atm. Not enough memory available. (problem before I got hacked)
     
  15. greentitanium

    greentitanium Senior Member

    Joined:
    Feb 8, 2010
    Messages:
    1,141
    Likes Received:
    213
    Occupation:
    Prob the same as yours
    Location:
    Great Lakes & RTP
    gotcha. surprised there isnt software that does this, just imagine.
    i just recently started looking at wp auto backups because of this issue the op has.
    havent found one yet
     
  16. gahoachma

    gahoachma Junior Member

    Joined:
    Dec 16, 2009
    Messages:
    126
    Likes Received:
    21
    Home Page:
    Not my area of expertise, though the user did create a blog under my (admin) name. And added himself to every user created blog.
     
  17. gahoachma

    gahoachma Junior Member

    Joined:
    Dec 16, 2009
    Messages:
    126
    Likes Received:
    21
    Home Page:
    There are some plugins to backup WP databases. Won't work for me tho. Mine is 900 mb or so.
     
  18. leolion

    leolion Junior Member

    Joined:
    Jul 3, 2010
    Messages:
    107
    Likes Received:
    27
    If your blogs are still infected, you can try reinstalling wp core on all blogs.

    To do so,
    go to http://yourdomain.com/wp-admin/update-core.php and click on "re-install automatically".
     
  19. leolion

    leolion Junior Member

    Joined:
    Jul 3, 2010
    Messages:
    107
    Likes Received:
    27
    I think backupify.com can backup wordpress data, haven't used it yet.
     
  20. leolion

    leolion Junior Member

    Joined:
    Jul 3, 2010
    Messages:
    107
    Likes Received:
    27
    use siteautobackup.com's mysql backup feature. that would be useful. it can also backup whole cpanel too.
     
    • Thanks Thanks x 1