WordPress Hacked and Redirected … Again

Hey “Bob”

Your first post indicates your site was compromised before. Kudos for upgrading, but if you didnt clean out the hack — youre just getting re-exploited.

How about enlisting some outside assistance to look at your site and files? Im willing to do so, and can probably make some helpful general recommendations as well.

email me at whoo at whoo.org if you want some help.

You would think that there would be patch/fix publicly available by now. Surely wordpress people must care what happens to their platform?

just noticed another sites of my was hacked with this. a site on another server. site had the current version of wp installed. this is nuts.

Ohh.. It happens to all versions. This is a zero day never before seen exploit.

This means people have been able to do this for years but didn’t because having it was more important than using it. Some Russian douche got a hole of it and decided to redirect and get PPC money. I am sure he is making a minimum of $20K a day. Would be real nice if his account was frozen and he got none of the money.

In case anyone were interested, the website at anyresults.net is hosted by a web hosting company called ISPrime (www.isprime.com).

As far as a fix goes I tried everything that has been suggested and the problem remained. The I started replacing files to the original WP version (2.5.1 for the record) one folder at a time. For me the issue was in the main WP folder (where the index is)…once I replaced those the hack was gone.

the domain registrar just told me they would do nothing without a court order : (

i will try that tijja.

i gave up. no one in the wordpress community cares about helping someone hacked by their buggy shit cms. i used to love them, but now i know why so many experienced webmasters think wp is shit.

Experienced web masters, huh? You sure about that? Experienced web masters know to upgrade immediately. Experienced web masters know how to access PHPMyAdmin and edit their database tables manually. Experienced web masters understand that a shared hosting environment is a breeding ground for hackery, as you are only as secure as the most UNSECURE guy sharing your server space.

And the domain registrar is NOT the place to seek a takedown order. You go after the guy’s ISP/web host. Not his registrar. What keeps him from setting up another domain somewhere else? You get him where it hurts by shutting his site down. Even if only temporarily. And you do that through his web host and no web host worth his salt would tolerate such hackery from any of its customers. (But an experienced web master would already know this.)

I hope for your sake that you get it figured out.

honestly, the banter doesnt help. if there is an issue with 2.5.1 and it appears there *might* be — complaining about ‘it’ here, while therapeutic, doesn’t do anything except make more posts that dont lead to any resolution.

You zip up your Apache logs, you zip up your files, and you send the stuff off to [email protected] — then you complain here ??

Shit happens, it’s an imperfect world — and like it or not, the popularity of WP makes it one of the biggest targets on the web.

(I cannot believe Im a voice of reason, and not ripping new assholes.) ??

On a side note, I am SOOOOOOOOOOOOOOOOOO happy I nullroute the 53000 or so IPs that I dont like, I cannot even comprehend having to be back on any kind of shared hosting environment where I was at the mercy of someone else.

I cannot believe it either. Maybe, like me, you just need some more caffeine? ??

Ive got my second 24-ouncer waiting for me in the kitchen.

(I cannot believe Im a voice of reason, and not ripping new assholes.) ??

I thought I felt a shift in the force this morning!

I hope you all have a great weekend!!

??

I thought I felt a shift in the force this morning!

buahahha, it’s early yet ??