Jump to content

Hacked?


Andrea

Recommended Posts

This is too weird - I have not been to my own website in a while -- www.aandbwebdesign.com (Wordpress) - but clicked on it yesterday for no good reason and noticed i the upper a link to a site. It was late, I didn't want to deal with it.

Today, when I look at the page with Firefox, I do not see it, but I see it when I view the page in IE and Opera. when I then look at the code, I find

</head>
<body>
<div id="fb-root"> <a href="http://bboyfactory.com/side-effect-of--50/">side effect of  50</a> 
 </div>

When I look at it in Firefox, all I see is:

</head>
<body>
<div id="fb-root"></div>

I've created a copy of all the online files onto my computer, and have run a search for fb-root and --- but I find NOTHING!!!

 

I'm at a loss right now how else I might be able to find how this link got on my site....

 

Link to comment
Share on other sites

Hi,

 

Sounds like you were hacked. Have you updated to the latest version of wordpress? The reason you see it in one browser and not in another, is probably because of browser sniffing ... it would be in the PHP code somewhere, where if the user is using IE, they add the link.

 

Remember when we were hacked here a couple of years, back where the hack only impacted mobile traffic. Anyway, update your wordpress and check your theme files too for the hack, because when you update Wordpress, themes are not updated automatically.

 

Stef

Link to comment
Share on other sites

Because of Wordpress' vulnerabilities, we've created our own simple blog engine for our new sites.  The fact that it is closed-source, makes it much harder to hack. Wordpress, this forum, Drupal and other commercial software, are always going to be more vulnerable to hackers, since the codebase is accessible ... they can snoop the source code for vulnerabilities.

 

... I would give away our simple blog except that it would then open us up to the same problem.

 

:unsure:

 

Stef

Link to comment
Share on other sites

I had to deal with a couple sites like this recently. Start by uploading fresh, safe Wordpress files, overwriting anything that's there (just the core Wordpress files though, and don't overwrite your wp-content directory). After, double check for suspicious code in all your theme files or in the wp-config file. It will be PHP, but it will most likely look like a block of gibberish (so you can't easily search for the text). Then, download/install https://wordpress.org/plugins/exploit-scanner/and the free version of https://wordpress.org/plugins/sucuri-scanner/, run their scans, and see if you catch anything else. In many cases, an exploit will randomly duplicate itself within your wp-content directory, those files need to be looked at too.

Link to comment
Share on other sites

HA! Found the jibberish in my functions.php. For now, I just put my original back, and it's clean at the moment. I have a lot of other stuff going on right now, not much time to play, but I'll see if the junk comes back.

Thank you both!!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...