dugbug

@psionstorm

You have network solutions right? If so you have access to the phpadmin screen. From your account services home page click on nsHost in the sidebar, then (I think) maintenance. Something takes you to the backups section. There, there is a “database” option and on that page you have access to your blog(s) databases and a button on the far right to launch myphpadmin.

Once in myphpadmin, click on the top-left link, which is essentioally “the entire database”. A search option in the right-pane top area is now available. Click on it, and then in the search field enter a single string like iframe and hit Go.

Thats a little easier than the SELECT * from certain tables and it covers your entire database.

At least you can get your site back, export your posts, and what not.

This is all from memory, and if you want Ill actually recreate the steps for you later.

zakiwarfel,

search your SQL database for the string 1dns Who knows, maybe that will lead you somewhere.

Also as a lot of info in that article Shane G pointed you to includes some hardening. Reinstalling without .htaccess tweaks and password changes, etc. won’t do.

Im a victim too, but a different attack.

@psionstorm. Gotta start your forensics somewhere. Get back your site and roadblock visitors to an under maintenance banner because the hack will come back and you don’t want to be a carrier (or have google or other sites decide to block access to you)

@miketek

I can’t find the door either. Clean site and clean DB and the attack reoccured this morning. I don’t get it. I have the usual hardening as mentioned in those “harden your site” suggestions.

Funny thing about the siteurl though is that it looks like splash overrun from a neighboring SQL variable… like the injection did not go as planned, which is why the site breaks. I mean, who puts HTML in the siteurl dbase var? It screwed up everything so it obviously served no purpose for the attacker.

At this point, I hired a security service that is familiar with wordpress and they scrubbed all files and the dbase but did not find any backdoor. Apart from two things, the service largely agreed that the site was well hardened.

1) I do not have an SSL https protected login
2) I do not use .htaccess to password protect the /wp-admin area. Which is on purpose, as how else do users use my forum or comments section if I require some global master password.

Network Solutions swears they are fantastic and nothing is wrong with the server itself. In fact if you mention wordpress suddenly ANYTHING is not their fault. Even if ping isn’t working.

So I dunno. We are studying logs now and we play the wait game. Gotta find the door.

MujEEE,

When you say check database, what did you do?

Did you do a search of your wp SQL dbase for the string “blahbl” or whatever is unique about the malware text.

All the matches will be listed and you can manually replace the SQL items with correct values.

I had this problem and they had tried to screw with wp-options/siteurl. I wonder if the technique used on me was similar to your situation.

Not sure if this will fit the bill but the plugin easy chart builder does line graphs

yes, this confused me too. IMHO it should be the most viewed in the last 30 days. Can you add an option for the behavior?

What happens is old posts eventually crowd out new discussions. Just one person looks at one and it pushes out a hot (recently hot) post.

-d

Yes I see. I see two problems: one with the colors in the graph table data, and the other your feature video area seems forever pending.

Im on it! Ill see what I can do. In the mean time, if you get around to it, can you email the shortcode from your post that produced that graph? (supportatdyerwaredotcom)

btw, your colors in the chart tool are fantastic. Very effective use of it.

thanks
-d

If by chart you are meaning a graphical representation (i.e. bar, pie, etc), you could try the “easy chart builder” plugin which is designed for comparison data as you describe.

If you are refering to a table in HTML, its pretty easy. I always refer back to https://www.w3schools.com for examples and tutorials on tags I tend to need a refresher on.

Here is their page for tables:
https://www.w3schools.com/tags/tag_table.asp

-d