[mayfly]

I got the nasty message when trying to open one of my blog page today:

"Hacked by BaDBoY-ALbania"

What is it? How to get rid of it? Help please!!!

[2busy]

You can find some help at StopBadware - Tips for Cleaning & Securing Your Website it covers malicious hacks and what to do.

Good luck!

[mayfly]

Thanks 2busy for your quick response and the link...

[ladidah]

Here is more:

About malware and hacked sites - Webmaster Tools Help

[John Powell]

Quote:

Originally Posted by mayfly

I got the nasty message when trying to open one of my blog page today:

"Hacked by BaDBoY-ALbania"

What is it? How to get rid of it? Help please!!!

A busy fellow that creep. Doing a search on the string you gave with quotes came up with over 2,700 other suffering sites.

I wonder how many of those search results lead to infected sites. I clicked one result and my NoScript add-on didn't like anything there. Looking at the cached pages should be ok I guess. Sorry to hear of your troubles Mayfly.

[mayfly]

Quote:

Originally Posted by John Powell

A busy fellow that creep. Doing a search on the string you gave with quotes came up with over 2,700 other suffering sites.

Why don't these bad guys give us a break!!

My night was officially ruined. Other than reading and searching for solutions, I've also contacted my hosting company and see what they say about it.

[ladidah]

Sorry to hear, mayfly. It does suck.

Was you blog the latest Wordpress version, or fairly recent?

[mayfly]

Quote:

Originally Posted by ladidah

Sorry to hear, mayfly. It does suck.

Was you blog the latest Wordpress version, or fairly recent?

It is the lastest version. I just checked. It says my WP version is up to date.

Luckily my main site was not hacked. That's just a blog page I added to my main site several months ago. To be honest, I never like WP sites. I do better with my traditional html pages. This incident gives me another reason to not to blog at all.

[loxly]

If your WP is up to date, they got in through your theme or a plugin.

[mayfly]

My hosting company responsed fairly quick. The support person said it was caused by hacked theme of the WordPress. He resored the them and suggested me to use another theme. Thank god he just saved me one big headache trying to find the bad script. I should thought about the theme right away. I was so scared that couldn't think straight.

Thanks to all for your help.

[Zeus]

Contact your host. They may be able to tell you which files were compromised.
If you have the latest version of WP, more likely the probleme is coming from your theme. (it could come from a plugin, too)
If you have a fresh version of your theme, use your ftp, or cpanel/whm, to delete it on your site, then upload it again.
Look at .htaccess for any change. They have to redirect your site to their screen of death.
I had that problem several times with different versions of BaDBoY-ALbania or baDsectQr ~ Dracula ~ PoLoNia.

Good luck.
Edit: loxly was faster than me.

[mayfly]

Loxly and Zeus both nailed it. It was the theme's problem. I only use the themes provided by WP site and thought they are safer...I guess not. Bad guys are everywhere.

[loxly]

Glad they found it and you might want to post what theme you were using so others can avoid it. And get a different theme right away direct from the WordPress.org repository.

[mayfly]

Quote:

Originally Posted by loxly

Glad they found it and you might want to post what theme you were using so others can avoid it. And get a different theme right away direct from the WordPress.org repository.

The theme is call "My Sweet Diary". It is from WordPress.org. Like I said, I thought the themes from WordPress.org are safe to use. Apparently not.

[Zeus]

They are safe to use but hackers are always looking for new vulnerabilities.
What Wordpress (or others) should do is to make public the addresses of these hackers, just to thank them...
Edit: I forgot to add: Ask your host for the ip address of your hackers. If you use cpanel you can block this ip. Once they have your site on their list, they will come back.

[mayfly]

Quote:

Originally Posted by Zeus

They are safe to use but hackers are always looking for new vulnerabilities.
What Wordpress (or others) should do is to make public the addresses of these hackers, just to thank them...

So is it the theme designer the hacker or somebody else hacked into the theme?

If it is the theme designer the hacker, I probably should report to WordPress and maybe they can ban the designer. If it is somebody else hacked into the theme, it will be hard to catch the hacker and I don't want to accuse the innocent designer.

[mayfly]

Quote:

Originally Posted by Zeus

Edit: I forgot to add: Ask your host for the ip address of your hackers. If you use cpanel you can block this ip. Once they have your site on their list, they will come back.

Ah, good point! Will check with my hosting company right away. Thanks Zeus.

[loxly]

When going through themes on WP.org look for newer ones that are compatible with the current version. I use thesis so haven't looked through there lately. I did read a blog post recently that said that there are lots of outdated themes on WP.org.

It most likely was not the theme author, but there was a vulnerability that exists, so I would still report the theme as being hackable.

[CathyM]

Quote:

Originally Posted by mayfly

Luckily my main site was not hacked. That's just a blog page I added to my main site several months ago.

If it's on the same domain, once they hack the blog, they may have access to your entire site. That happened to me about a year ago with an earlier wordpress version. The hacker left a trap door and kept inserting hidden code on my home page. My hosting company helped me track it down and fix it.

[mayfly]

Quote:

Originally Posted by CathyM

If it's on the same domain, once they hack the blog, they may have access to your entire site. That happened to me about a year ago with an earlier wordpress version. The hacker left a trap door and kept inserting hidden code on my home page. My hosting company helped me track it down and fix it.

I contacted my hosting company as Zues suggested to track down the IP addresses. They've found 2 IP connections, one is mine, the other is located at Ukraine(according to G search). I've asked my hosting company block it. Haven't heard back from my hosting yet. Hope the hacker will go away.

[purplebear]

Reaaaaaaally sorry Mayfly that this happened to you I thought the same as you that everything would be ok with the theme coming from WP itself.

[loxly]

Quote:

Originally Posted by mayfly

I contacted my hosting company as Zues suggested to track down the IP addresses. They've found 2 IP connections, one is mine, the other is located at Ukraine(according to G search). I've asked my hosting company block it. Haven't heard back from my hosting yet. Hope the hacker will go away.

If they have a good firewall they should have already blocked that IP. Be sure to follow up and ask if they did. One of the things I love about my VPS is the ability for me to block bad IPs manually, but the firewall stops most of the bad stuff all by itself.

[Trust]

I wonder if stuff like this would help - http://builtbackwards.com/projects/tac/

WordPress -->> Check Your Themes Code... - ABestWeb Affiliate Marketing Forum

If that was the issue?

A plugin to check the themes you have for possible issues. I used it on one blog and deleted all the themes with junk/encrypted code. Now after awhile, I found a few themes I like and are clean and basically stick to those.

[Rexanne]

Wow Mayfly, that truly sucks. So sorry :-(

Makes me leery of using blog software at all. :-(

[loxly]

Quote:

Originally Posted by Rexanne

Wow Mayfly, that truly sucks. So sorry :-(

Makes me leery of using blog software at all. :-(

Any software is hackable.

Trust, that is a good recommendation. With any software, checking for vulnerabilities is a good idea.