Latest Announcemnent
New thread

Site hacked, here is code, pls. help

Status
Not open for further replies.
K

kitty

Active Member
76
2009
0
0
Hello.
For some time someone is keep inserting mallicious code in my wordpress sites in page, index, footer.php with this:

Code: 
removed

Can someone decode this to know what is getting it ? Please ?
Is targeting all my related sites, so is no fate, is a target.

I change permissions to the 3 files, but he edited that and made them 755.
How can I prevent this to happen ? Google gave me warning already...
 
Last edited:
20 comments
Remove the code, change all your access passwords (including server pass), use WP Security plugin and then scan your site for bad codes.
 
Check the access logs to find how the one got in and from where , ask your host to blacklist that IP . Follow up some of these steps to be sure that you are safe .

1 . Update your Wordpress to the latest version .

2 . Update your all plugins as well .

3 . Keep backup for your site , maybe you may try some plugins for the database backup ; which keeps the site backup going as some separate remote space or to your email .

4 . Once hacked , try changing your login password for wordpress , cPanel and even database that you are using . Or i prefer you to create a new user for the same database and use it and delete the old once's .

5 . Use the WordPress Key Generator to generate keys (https://api.wordpress.org/secret-key/1.1/) . I didn’t know much about wordpress keys but it is another important security measure. These keys work as salts for WordPress cookies thus, ensuring better encryption of user data.

6 . Install WP Security Scan Plugin , This plugin is the real deal. It’s simple and automates stuff. It will scan your wordpress blog for vulnerabilities and inform you if it finds any malicious codes etc. If the texts are in green in the admin panel then you should be good.

7 . Block search engine spiders from indexing the admin section .

To do so , create a robots.txt file in your root directory. Then place the following code in the file:
PHP: 
#
User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: */trackback/
Disallow: */feed/
Disallow: /*/feed/rss/$
Disallow: /category/*

8. Secure your WP-CONFIG . it contains all the sensitive data and configuration of your blog and therefore we must secure it through .htaccess. Simply adding the code below to the .htaccess file in the root directory can do the trick .
PHP: 
# protect wp-config.php
<files wp-config.php>
Order deny,allow
Deny from all
</files>

There are many , but maybe the above may help you to secure your site and keep it stable for longer .
 
Curl was already disabled. Host confirmed. Curl was not the way in. Any other ideeas ? Infects also all index.php files also and google gives malware allert.
 
kitty said:
Curl was already disabled. Host confirmed. Curl was not the way in. Any other ideeas ? Infects also all index.php files also and google gives malware allert.
Click to expand...

Just do a malware scan for your website using the wordpress plugin ; just a quick question , do your site is having dedicated IP or its on shared ?
 
#Qarizma, did that.
#Mostarac, both.
#Bharat, scanned with multiple wp security plugins.

I hoped that curl was enabled, but is it was disabled... and entered with this... what can i say more ?
 
like i said so no diference i realy hate wordpress and i wonder why people not use mybb or smf both have lots of plugin and much more better and secure then wordpress
 
#mannNmeet, i know wordfence, great plugin. even at free. I like seeing 10 people a day trying to enter /admin before they got banned.
# Smith, hi. Long time no see. Yes, latest version on all.
 
He's using shell script thats how he got access to the whole sites.. Find the shell and delete it and u wont have any problems
 
Status
Not open for further replies.
Back
Top