Domain Manage

Anyone About ATM To Help Me With Wordpress Problem?

Discussion in 'General Board' started by Murray, Jul 20, 2014.

Thread Status:
Not open for further replies.
  1. Murray United Kingdom

    Murray Well-Known Member

    Joined:
    Sep 2012
    Posts:
    2,952
    Likes Received:
    101
    Just noticed a wordpress site of mine has had spam pages created on it :rolleyes:

    /buy-cialis-daily/ and such

    Can't find where the pages are even being created from, no new folders or anything.

    Anyone about that's good with wordpress to help remove the pages?

    Willing to pay a small fee as thanks
     
  2. Domain Forum

    Acorn Domains Elite Member

    Joined:
    1999
    Messages:
    Many
    Likes Received:
    Lots
     
  3. mrt United Kingdom

    mrt Member

    Joined:
    May 2013
    Posts:
    18
    Likes Received:
    3
    I'd be happy to have a look for you, Murray, I've dealt with a lot of this sort of rubbish. It'd be worth having a quick look at your access logs also to look for signs of the malicious activity (assuming logs go back that far). I'll also debrief you with my findings once done!

    Feel free to PM me WP+FTP details.
     
  4. mally United Kingdom

    mally Well-Known Member

    Joined:
    Mar 2006
    Posts:
    2,244
    Likes Received:
    17
    check htaccess - I've just had to remove something similar
     
  5. Skinner

    Skinner Well-Known Member

    Joined:
    Jul 2008
    Posts:
    4,325
    Likes Received:
    81
    I had something like this a while ago, there were some malicious code added to every wordpress editable file, so soon as I corrected one, the code reran.

    In the end I deleted the install, started from scratch.
     
  6. spiderspider

    spiderspider Active Member

    Joined:
    Feb 2013
    Posts:
    677
    Likes Received:
    48
  7. Murray United Kingdom

    Murray Well-Known Member

    Joined:
    Sep 2012
    Posts:
    2,952
    Likes Received:
    101
    mrt had a look and fixed it for me

    I will let him say what was wrong and how he fixed it if he likes as I don't know the technical explanation
     
  8. mrt United Kingdom

    mrt Member

    Joined:
    May 2013
    Posts:
    18
    Likes Received:
    3
    In this instance there were a few backdoor shells left behind, and wp-config.php was modified to load some custom code that would pull in whatever malicious pages the attacker wanted on the site.

    Not particularly novel really as far as WP abuses go, but it still interests me to see how the techniques used by attackers changes over time.
     
Thread Status:
Not open for further replies.

Share This Page