Hacked Wordpress

Discussion in 'General Board' started by woopwoop, Aug 21, 2014.

Thread Status:
Not open for further replies.
  1. woopwoop United States

    woopwoop Well-Known Member

    Joined:
    Jan 2007
    Posts:
    2,198
    Likes Received:
    33
    So I have an old theme for a WordPress site. I like it and have been applying the WP updates, but on searching for the site in Google I noticed these types of listings (which can only be hurting the SEO of the site):

    [​IMG]

    • You can see the site in the screenshot, does anyone know about this type of exploit?
    • Where is it living? In a file header or independent files on the server?
    • Is this really helping their SEO and hurting mine?
    • Any way that I can get rid of this for good with the current theme? Or are themes usually the problem?

    I haven't put new content on the site in ages but was about to...

    Update: Found this in the .htaccess and the named file (now deleted)
    Any solution to stop this happening again? (ideally without changing theme - or is it most likely to blame?)
     
    Last edited: Aug 21, 2014
  3. chrisduggan United Kingdom

    chrisduggan Active Member

    Joined:
    Mar 2005
    Posts:
    553
    Likes Received:
    6
  4. Adam H

    Adam H Well-Known Member Exclusive Member

    Joined:
    May 2014
    Posts:
    1,046
    Likes Received:
    84
    You need to find the cause, otherwise it will continue to happen. Was the theme nulled?

    Download the entire site to your local machine. If you've got a decent antivirus (NOD32), it will pick up at least some of the malicious scripts (if there are some), which will give you clues as to what to look for, and they may reference any back door scripts.

    Back up the install to make sure you've got one, then delete the WordPress tree, saving only your uploaded files and any files which you may have uploaded like an external image folder or theme folders. Once clear, upload WordPress again, upload all plugins again and ensure they are still updated, then check your template files for anything suspicious.

    Remove any old test installs you've got laying around or anything in the file system which you no longer use.

    Change all your passwords including WP-admin and cPanel.

    Reset the permalinks and see if the .htaccess changes.

    You can also install a plugin called Wordfence and set it up to scan and email you when something changes or when there is a mismatch. Once you're at that stage you can think about locking down the install with some .htaccess and robots.txt entries to prevent future scanning, assuming your host is secure.

    Beyond that there is little that can be advised without seeing the setup.
     
    Last edited: Aug 21, 2014
  5. admin Spain

    admin Administrator Staff Member

    Joined:
    Jun 2004
    Posts:
    10,083
    Likes Received:
    115
    Install Wordfence and set it to alert you on changes. It will also let you see visitors by country; I block ones who I don't think will use the site for any good reason.

    Change your Admin username to something else and have a decent password.

    Admin (oops)
     
  6. tifosi United Kingdom

    tifosi Well-Known Member

    Joined:
    Oct 2004
    Posts:
    3,128
    Likes Received:
    45
    Start by checking your file permissions. You should never have a .htaccess that is web writable! Maximum 0641 depending on owner of the web server userid.
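
The permission check suggested in the post above, as an added example that is not part of the original thread: a shell function that lists every `.htaccess` the web server account can modify, whether through the "other" bits, through ownership, or through a group it belongs to. The function name, the WordPress root path and the web server account name (for example `www-data`) are assumptions to adjust for the host.

```shell
#!/bin/sh
# Added example (not from the thread): find .htaccess files that the web
# server account can rewrite. A mode such as 0644 is still web-writable
# when the file is owned by the account PHP runs as, so ownership and
# group membership are checked as well as the "other" write bit.
#
# $1 = WordPress root (assumed path), $2 = web server account (assumed name)
web_writable_htaccess() {
    root=$1
    webuser=$2
    {
        # Writable by every local account, the web server included.
        find "$root" -type f -name '.htaccess' -perm -002

        # Owned by the web server account with the owner-write bit set.
        find "$root" -type f -name '.htaccess' -user "$webuser" -perm -200

        # Group-writable and owned by a group the account is a member of.
        for g in $(id -Gn "$webuser" 2>/dev/null); do
            find "$root" -type f -name '.htaccess' -group "$g" -perm -020
        done
    } | sort -u
}

# Stand-alone use: sh check_htaccess.sh /path/to/wordpress www-data
if [ "$#" -ge 2 ]; then
    web_writable_htaccess "$1" "$2"
fi
```

An empty result means no `.htaccess` under the tree is writable by that account; any path printed is a file a compromised PHP script could rewrite.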
     
  7. Murray United Kingdom

    Murray Well-Known Member

    Joined:
    Sep 2012
    Posts:
    2,951
    Likes Received:
    98
    Have you got any messages in webmaster tools?

    When my WordPress site got hacked I had a tag under my site in search results, "this site may be hacked".

    Had to ask for a review

    But at least this hack on yours was quite polite, guitar pro, mine was foreign payday loans and viagra lol.
     
  8. Retired_Member38

    Retired_Member38 Banned

    Joined:
    Jun 2013
    Posts:
    1,773
    Likes Received:
    43
    The problem is many legitimate things are outsourced to countries you can't sell anything to via sites like Freelancer etc. So you might miss out on something of interest that someone in the UK was trying to send you, because he outsourced it on Freelancer.com to someone in Ukraine or whatever. This guy isn't doing anything wrong so likely won't even think to disguise the fact he's in Kiev.

    And if some Ukrainian hacker was going to try something, he'll know to disguise it anyway.

    So there doesn't seem any real reason to do it? Unless you're just getting sick of Indians emailing 'do you needing seo' all day long and figure it's worth throwing away the occasional valuable enquiry just to bin off Abdul and his SEO pals :lol:
     
  9. Skinner

    Skinner Well-Known Member

    Joined:
    Jul 2008
    Posts:
    4,325
    Likes Received:
    81
    I think you mean "Kate" and "Harry" which seem to be the latest :p
     
  10. woopwoop United States

    woopwoop Well-Known Member

    Joined:
    Jan 2007
    Posts:
    2,198
    Likes Received:
    33
    Thanks for all the help guys. Really great advice.

    I'm on it later today.

    @AdamH it's not nulled - I think it was a paid theme - will see if I missed an update.

    Will also look into Sucuri, put Wordfence on it (if it's not there - I have WF on all my other WP sites and even use WPmanager.com but maybe not on this one - it's been such a long time!)

    I don't think I added this to Webmaster tools either.

    Does anyone think there's a benefit to not adding it to WM tools, and even not running adsense on it with the same publisher codes... to avoid them being seen as linked sites... Difficult to explain but in the past I've heard that even same whois details can connect sites and lower the SE power of a link between the two?
     