Results 1 to 18 of 18
  1. #1
    Full Member suzie250's Avatar
    Join Date
    May 5th, 2005
    Posts
    416
    My wordpress site hacked
    I need some help this morning.

    I appears that one of my sites using wordpress has been hacked sometime overnight.

    I noticed the problem when checking the site and it shows an error instead of the site showing up.

    The error is generating from wp-includes/default-widgets.php. When I view the file thru cpanel, I can see a script has been added at the bottom, but when I go in to edit the file, I cannot see the script. I have tried to replace the file, but nadda.

    I cannot get into wp-admin....

    Does anyone have any suggestions for where else that I could look for problems?
    I disagree with Kay Jewelers. I would bet on any given Friday or Saturday night more kisses begin with Bud Lite than Kay.

  2. #2
    Influencer Marketing GravityFed's Avatar
    Join Date
    January 18th, 2005
    Location
    Ithaca & Park City
    Posts
    3,338
    Can you FTP into your site and overwrite the file with the original that way?

  3. #3
    Full Member suzie250's Avatar
    Join Date
    May 5th, 2005
    Posts
    416
    From what I can tell so far, they got in because of the theme that I am using. Both sites that I am using this theme on are down.

    Trying now to get into my database to change the theme......
    I disagree with Kay Jewelers. I would bet on any given Friday or Saturday night more kisses begin with Bud Lite than Kay.

  4. #4
    Visual Artist & ABW Ambassador lostdeviant's Avatar
    Join Date
    September 7th, 2007
    Location
    Cuautitlán, Edo. de México
    Posts
    1,725
    What is the error?
    If the script was hacked, you still need to replace it somehow either via FTP or the control panel.

  5. #5
    Full Member suzie250's Avatar
    Join Date
    May 5th, 2005
    Posts
    416
    Parse error: syntax error, unexpected '<' in /home/*****/public_html/*******/wp-includes/default-widgets.php on line 1034

    If I change just the database line for template, will that be enough to change the theme or are there more lines that I need to change?

    I am freaking the **** out! B******s!
    I disagree with Kay Jewelers. I would bet on any given Friday or Saturday night more kisses begin with Bud Lite than Kay.

  6. #6
    Full Member suzie250's Avatar
    Join Date
    May 5th, 2005
    Posts
    416
    Now they've got them all! Crap ola!
    I disagree with Kay Jewelers. I would bet on any given Friday or Saturday night more kisses begin with Bud Lite than Kay.

  7. #7
    Visual Artist & ABW Ambassador lostdeviant's Avatar
    Join Date
    September 7th, 2007
    Location
    Cuautitlán, Edo. de México
    Posts
    1,725
    hmm it seems that when they hacked the file they added improper code...

    Re-upload the original wordpress file then log in and change the theme. (supposing the theme is the problem I doubt it though)
    Then check your permissions on wp-includes directory and make sure they aren't set to allow Everyone to edit files.

  8. #8
    Analytics Dude Kevin's Avatar
    Join Date
    January 18th, 2005
    Location
    Rochester, NY
    Posts
    5,904
    Just in case, change your FTP passwords, and make sure whatever FTP client you are using is NOT storing the password. Type it in every time.
    Kevin Webster
    twitter: levelanalytics

    Kayak Fishing
    Web Analytics and Affiliate Marketing

  9. #9
    Full Member suzie250's Avatar
    Join Date
    May 5th, 2005
    Posts
    416
    Well, six sites down so far....I've emailed the host.....someone send me some vallium! These are all wordpress sites with different themes, so wasn't the theme.

    Oh Brother, I'll have a path worn in the carpet before this is over.
    I disagree with Kay Jewelers. I would bet on any given Friday or Saturday night more kisses begin with Bud Lite than Kay.

  10. #10
    Moderator BurgerBoy's Avatar
    Join Date
    January 18th, 2005
    Location
    jacked by sylon www.sylonddos.weebly.com
    Posts
    9,618
    That's why I don't use WP. They're too easy to hack and it happens fairly often.

  11. #11
    http and a telephoto
    Join Date
    January 18th, 2005
    Location
    NYC
    Posts
    17,708
    Quote Originally Posted by BurgerBoy
    That's why I don't use WP. They're too easy to hack and it happens fairly often.
    If you stay up to date and have a decent host, they don't get hacked. I've been hacked, but it was on Dreamhost and it was through a plugin that wasn't created securely.

    Any site can get hacked, Wordpress doesn't necessarily make it any easier. When security holes are found they are patched *very* fast.

    I've learned it is more about the hosting and less about the software. I've had sites running very expensive software get hacked. Dropped host and moved to a more "hardened" server.
    Deborah Carney
    TeamLoxly.com BookGoodies.com ABCsPlus.com

  12. #12
    Analytics Dude Kevin's Avatar
    Join Date
    January 18th, 2005
    Location
    Rochester, NY
    Posts
    5,904
    Quote Originally Posted by loxly
    If you stay up to date and have a decent host, they don't get hacked. I've been hacked, but it was on Dreamhost and it was through a plugin that wasn't created securely.

    Any site can get hacked, Wordpress doesn't necessarily make it any easier. When security holes are found they are patched *very* fast.

    I've learned it is more about the hosting and less about the software. I've had sites running very expensive software get hacked. Dropped host and moved to a more "hardened" server.
    Or, as I alluded to above, end user error. Leaving something writable after modifying it, etc. Or having your FTP compromised on your local machine.
    Kevin Webster
    twitter: levelanalytics

    Kayak Fishing
    Web Analytics and Affiliate Marketing

  13. #13
    ABW Ambassador
    Join Date
    January 4th, 2006
    Location
    USA
    Posts
    2,477
    I had the same problem a month ago. http://forum.abestweb.com/showthread.php?t=126072

    The best you can do now is to contact your hosting company and have them restore all your hacked sites, then change all the passwords.

  14. #14
    Full Member suzie250's Avatar
    Join Date
    May 5th, 2005
    Posts
    416
    Update (coz I JUST know that you all were worried about me! lol):

    Hostgator is cleaning my files up now. I had a few with older versions of wordpress but most were up to date, different passwords on some.

    They hit all but one site that had wordpress. I think they just had not gotten to it yet. From the timestamps on the files, they started early this morning and were still moving to the other sites while I was checking on things this morning.

    At this point I am not sure how they got in. Hopefully, Hostgator will be able to tell me. I have it ruled down to three: My computer, a plugin, or possibly the update to cPanel yesterday.

    It sure has freaked me out today.
    I disagree with Kay Jewelers. I would bet on any given Friday or Saturday night more kisses begin with Bud Lite than Kay.

  15. #15
    ABW Ambassador superCool's Avatar
    Join Date
    April 23rd, 2008
    Location
    Texas
    Posts
    1,268
    poor you. hang tough suzie250! you'll get it cleaned up

  16. #16
    Moderator BurgerBoy's Avatar
    Join Date
    January 18th, 2005
    Location
    jacked by sylon www.sylonddos.weebly.com
    Posts
    9,618
    Go here and download their free scanner Suzie250. If you have something on your computer this scanned will find it. http://new.eset.com/download/free-virus-remover

    I've had the eset security on my computer for three years now and it has stopped every attack and kept my computer completely clean the whole time.

  17. #17
    Newbie
    Join Date
    October 16th, 2009
    Location
    Seattle, Washington
    Posts
    25
    By the way Susie, do you use SSL at all for the login? Without it, you can't really stop a Session hijacking attack.

    Mike Maddox

  18. #18
    ABW Ambassador netnow22's Avatar
    Join Date
    January 18th, 2005
    Location
    Columbia, SC
    Posts
    748
    Be carefull of any plugins that you use, make sure you have correct permissions set, make sure your local Pc is not infected. If your local PC is infected they can grab the ftp information and even submit an iframe to your site.

    Most Good Hosting companies offer a security scan, ask your host to do this.

  19. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Zappo Site Hacked?
    By BurgerBoy in forum Commission Junction - CJ
    Replies: 6
    Last Post: January 16th, 2012, 03:38 PM
  2. Featured: Wordpress.org Plugins Hacked
    By simcat in forum Midnight Cafe'
    Replies: 1
    Last Post: June 22nd, 2011, 07:22 PM
  3. Hacked site - not mine
    By John Kruger in forum Midnight Cafe'
    Replies: 9
    Last Post: September 26th, 2006, 11:25 PM
  4. Site Hacked
    By Jon Nunez in forum AMWSO
    Replies: 3
    Last Post: January 19th, 2006, 11:15 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •