

| | #1 (permalink) |
| Platinum Lifetime Member Name: Peter Last Online: Yesterday 08:16 PM iTrader: (30) Join Date: Aug 2005
Posts: 1,571
DNF$: 0 Location: Canada
Country: | Update: ok, so I just found all of the links in my footer.php file, so I am guessing this means that someone hacked in and accessed the files and also the FTP server?? So I just got an email from Google mentioning that one of my sites is being removed from the index due to hidden text... Sure enough, I check the source and a bunch of crap links have been injected into my site... When I log in to the back end of WordPress I can't find the links in the actual page content or in the links section. Has anyone had this happen before? The code has this before the links: `<!--linksb--> <b style="display:none">` and this after: `<!--linkse-->` Any thoughts? I just made sure my WordPress install was up to date and I changed the password on the main account... Last edited by elivate; 07-31-2009 at 10:08 AM. |
| | |
| | #2 (permalink) |
| Last Online: Yesterday 09:34 PM iTrader: (87) Join Date: Mar 2003
Posts: 4,413
DNF$: 6,593 Location: Washington,DC | Can you tell us more, just for our own education? I know some of the freebie templates are not always free because of this type of threat. But, you are saying they hacked in? Or, they already knew there was a backdoor? |
| | |
| | #3 (permalink) |
| 41 LLL.nets For $35k! Last Online: Today 01:11 AM iTrader: (318) Join Date: Jun 2003
Posts: 5,208
DNF$: 18,554 Location: Hong Kong
Country: | Which FTP program are you using to upload files? Is your anti-spyware, anti-malware, anti-virus internet security suite up to date?
__________________ |
| | |
| | #4 (permalink) |
| Platinum Lifetime Member Name: Peter Last Online: Yesterday 08:16 PM iTrader: (30) Join Date: Aug 2005
Posts: 1,571
DNF$: 0 Location: Canada
Country: | ok, so I was able to fix this and I am now 99% sure what happened... When you create a WordPress site you get an "admin" account and a randomly generated password. You should ALWAYS change the password and it is also a good idea to create a new account altogether, so do not use admin at all... I know this but in this case I did not make this change... What the "hackers" do is they use their own password generator script which would likely be the same as what WordPress uses and they then use some program to brute force the site... Once they get in they can change whatever they want in the "Edit Themes" section... So no FTP access was actually required to change the file... So the lesson learned (which I already knew) is that you should never use the default admin account to manage your WordPress site... I am lucky they didn't do much worse... |
| | |
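A check for the injection described in post #1 and traced to edited theme files in post #4, as an added example that is not part of the thread: it scans theme `.php` files for the `<!--linksb-->` / `<!--linkse-->` marker pair and, going beyond that one case, for any element hidden with inline `display:none` that contains links. The function names, the generic rule and the sample footer are assumptions constructed for this example.

```python
import re
import sys
from pathlib import Path

# Marker pair quoted in the first post of the thread.
MARKER_BLOCK = re.compile(r"<!--\s*linksb\s*-->(.*?)<!--\s*linkse\s*-->", re.S | re.I)
# Generic rule (an assumption added here): an element hidden with inline CSS.
HIDDEN_OPEN = re.compile(
    r"<(\w+)[^>]*style\s*=\s*[\"'][^\"']*display\s*:\s*none[^\"']*[\"'][^>]*>", re.I)
HREF = re.compile(r"<a\s[^>]*href\s*=\s*[\"']([^\"']+)[\"']", re.I)

def find_hidden_links(text):
    """Return (rule, line_number, urls) tuples for hidden link blocks in text."""
    findings = []
    for m in MARKER_BLOCK.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        findings.append(("linksb-marker", line, HREF.findall(m.group(1))))
    for m in HIDDEN_OPEN.finditer(text):
        rest = text[m.end():]
        # Stop at the matching close tag; an unclosed element hides the rest of the file.
        close = re.search(r"</%s\s*>" % re.escape(m.group(1)), rest, re.I)
        urls = HREF.findall(rest[:close.start()] if close else rest)
        if urls:  # hidden elements without links are common and legitimate
            line = text.count("\n", 0, m.start()) + 1
            findings.append(("hidden-element", line, urls))
    return findings

def scan_theme(theme_dir):
    """Scan every .php file under theme_dir; return {path: findings} for hits only."""
    hits = {}
    for path in sorted(Path(theme_dir).rglob("*.php")):
        found = find_hidden_links(path.read_text(encoding="utf-8", errors="replace"))
        if found:
            hits[str(path)] = found
    return hits

# Constructed sample of an infected footer.php (not taken from the thread).
SAMPLE_FOOTER = """<div id="footer">
<p>&copy; <?php bloginfo('name'); ?></p>
<!--linksb--> <b style="display:none">
<a href="http://spam.example/pills">pills</a>
<a href="http://spam.example/loans">loans</a>
</b> <!--linkse-->
<?php wp_footer(); ?>
</div>
"""

if __name__ == "__main__":
    # Pass a theme directory to scan it; with no argument the sample is scanned.
    result = (scan_theme(sys.argv[1]) if len(sys.argv) > 1
              else {"sample": find_hidden_links(SAMPLE_FOOTER)})
    for name, found in result.items():
        for rule, line, urls in found:
            print(f"{name}:{line}: {rule}: {', '.join(urls)}")
```

A hit only shows where the links were written; comparing the theme files against a clean copy of the theme is still needed to find any other changes made through the theme editor.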
| | #6 (permalink) |
| Platinum Lifetime Member Name: Neaz M H Last Online: Today 12:08 AM iTrader: (0) Join Date: Jan 2009
Posts: 246
DNF$: 510 Location: Earth | I think that changing the theme would be the ultimate solution in this case. In the future, please use WP themes from authentic sites, whether free or paid. Remember, all free themes are not good. |
| | |