Has my blog been hacked?

I had deleted everything from the server and also the database. When I reinstalled all files and recreated a database it seemed to work fine again.

However a couple of hours later and in was displaying the Fatal error message again.

Whats the deal?

Hi,

It seems it is either due to the plugins or older version of wordpress. Please disable all the plugins and upgrade your wordpress to the latest version.

Thanks,

Shane G.

Hi,
I have the same problem-very annoying.I get this message:
Fatal error: Cannot redeclare ub6() (previously declared in /home/farbhof1/public_html/blog/wp-config.php(1) : eval()’d code:1) in /home/farbhof1/public_html/blog/wp-settings.php(1) : eval()’d code on line 1

I have the latest version of wp.Everyday I reinstall my blog only to find it has been replaced by this message the next morning.HELP!!

Thanks Shane. I have done as you suggested still with no luck.

Any other ideas?

Hi farbhof1

Can you give me a complete list of all the plugins you have installed. Maybe there is a common denominator (plugin) thats causing this problem.

Ive now spent another 6 hours trying to troubleshoot my blog. I removed all files from the server, removed the database and then reinstalled wordpress and a new database.

I was all fine for about an hour an now I get another fatal error message. Check it out at https://mobc.org.au

Even your WordPress readme.html file has been hacked. Contact your web host and see:

https://codex.www.ads-software.com/FAQ_My_site_was_hacked

https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

Do you have any relationship with maciejkuciara.com? I see script links on your readme.html to that hacked site.

Have no idea who maciejkuciara.com is.

Is there anyone out there who has had the same problem as me and has completely fixed it???

I’m having the same problem. My webhost installed a php.ini in my WordPress root folder (which they said would prevent my .php files from being written to) and I tried placing my configphp file into my server root folder but it was still hacked. THis is after a full, fresh install with no plugins installed and a new database. Soooo yeah. Kind of irritating and making me question why im using WordPress at this point if the code is soooo vulnerable.

Kind of irritating and making me question why im using WordPress at this point if the code is soooo vulnerable.

and you assume this why? 2.8.4 is secure and is not being hacked

https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

https://ottodestruct.com/blog/2009/hacked-wordpress-backdoors/

samboll – I’m using the latest WP (8.4.5?) and its getting hacked. That’s why I assume the vulnerabilities of the code. I upgrade with every new release and these hacks just started happening w/in the last 3 weeks. Thankfully the blog im trying to fix first is a (very) simple, 1 page resume and requires nothing complicated to remake. So killing off all the files and database is no big deal.

Also, I’ve run Malwarebytes, Avast and Kaspersky for keyloggers or anything else on my machine and they come up clean. I’ve changed my password many times to the most cryptic stuff I can come up with, on both my admin and FTP.

So, yeah, irritating.

I’ve been dealing with this now for the last few days. I’ve had my WordPress site completely wiped clean and meticulously rebuilt it from scratch. 2 hours later, it’s hacked again. Some direction on how to troubleshoot this would be very helpful. BTW, I don’t have any pluggins installed.

Have you changed your FTP passwords?

Yes. I’ve changed them all. Could it be in the actual wordpress database?

samboll – I’m using the latest WP (8.4.5?) and its getting hacked. That’s why I assume the vulnerabilities of the code.

The code is not vulnerable. Your site is. Two different things.

The fact that this code is being added to all your files suggests two things: a) your webhosts are idiots and b) you’re being hacked because some code is running on that server that’s searching for all the files it can and inserting that code into them.

This sort of thing happens mostly on shared servers that don’t have proper inter-user security working, so some other website on the server getting hacked can lead to every site on that server getting hacked.

Best advice: Leave that web host immediately.
Only sorta okay advice: Try to work with them to fix their servers. This may be difficult and time consuming.

Either way, WordPress is secure, but it can’t control other means of entry which are not.