Jump to content


Photo

Hacked?


  • Please log in to reply
7 replies to this topic

#1 Andrea

Andrea

    Advanced Member

  • Moderators
  • 5,752 posts
  • Facebook:https://www.facebook.com/aandbwebdesignAB
  • LocationSadieville, KY - but always a Texan at heart!!

Posted 08 March 2015 - 01:02 PM

This is too weird - I have not been to my own website in a while -- www.aandbwebdesign.com (Wordpress) - but clicked on it yesterday for no good reason and noticed i the upper a link to a ###### site. It was late, I didn't want to deal with it.

Today, when I look at the page with Firefox, I do not see it, but I see it when I view the page in IE and Opera. when I then look at the code, I find

</head>
<body>
<div id="fb-root"> <a href="http://bboyfactory.com/side-effect-of-######-50/">side effect of ###### 50</a> 
 </div>

When I look at it in Firefox, all I see is:

</head>
<body>
<div id="fb-root"></div>

I've created a copy of all the online files onto my computer, and have run a search for fb-root and ###### --- but I find NOTHING!!!

 

I'm at a loss right now how else I might be able to find how this link got on my site....

 


  • 0

#2 Stefan

Stefan

    Stefan Mischook

  • Administrators
  • 4,333 posts
  • LocationMontreal Canada

Posted 08 March 2015 - 01:43 PM

Hi,

 

Sounds like you were hacked. Have you updated to the latest version of wordpress? The reason you see it in one browser and not in another, is probably because of browser sniffing ... it would be in the PHP code somewhere, where if the user is using IE, they add the link.

 

Remember when we were hacked here a couple of years, back where the hack only impacted mobile traffic. Anyway, update your wordpress and check your theme files too for the hack, because when you update Wordpress, themes are not updated automatically.

 

Stef


  • 0
StudioWeb makes teaching web design and programming easy: StudioWeb

#3 Stefan

Stefan

    Stefan Mischook

  • Administrators
  • 4,333 posts
  • LocationMontreal Canada

Posted 08 March 2015 - 01:50 PM

Because of Wordpress' vulnerabilities, we've created our own simple blog engine for our new sites.  The fact that it is closed-source, makes it much harder to hack. Wordpress, this forum, Drupal and other commercial software, are always going to be more vulnerable to hackers, since the codebase is accessible ... they can snoop the source code for vulnerabilities.

 

... I would give away our simple blog except that it would then open us up to the same problem.

 

:unsure:

 

Stef


  • 0
StudioWeb makes teaching web design and programming easy: StudioWeb

#4 Andrea

Andrea

    Advanced Member

  • Moderators
  • 5,752 posts
  • Facebook:https://www.facebook.com/aandbwebdesignAB
  • LocationSadieville, KY - but always a Texan at heart!!

Posted 09 March 2015 - 06:08 AM

Thanks, Stef.

I do have the latest WP version,and the Theme is one I created myself based on your KS video tutorial.

I guess I'll keep poking around until I figure it out.


  • 0

#5 Stefan

Stefan

    Stefan Mischook

  • Administrators
  • 4,333 posts
  • LocationMontreal Canada

Posted 10 March 2015 - 12:54 AM

Have you changed your passwords? Make sure they're strong ... both WP and FTP.

 

S


  • 0
StudioWeb makes teaching web design and programming easy: StudioWeb

#6 Andrea

Andrea

    Advanced Member

  • Moderators
  • 5,752 posts
  • Facebook:https://www.facebook.com/aandbwebdesignAB
  • LocationSadieville, KY - but always a Texan at heart!!

Posted 10 March 2015 - 05:25 AM

I thought they were pretty good - symbols, numbers, and all that stuff, but I better change them anyway.


  • 0

#7 Ben

Ben

    Administrator

  • Administrators
  • 5,682 posts
  • LocationGainesville, Florida

Posted 14 March 2015 - 09:28 AM

I had to deal with a couple sites like this recently. Start by uploading fresh, safe Wordpress files, overwriting anything that's there (just the core Wordpress files though, and don't overwrite your wp-content directory). After, double check for suspicious code in all your theme files or in the wp-config file. It will be PHP, but it will most likely look like a block of gibberish (so you can't easily search for the text). Then, download/install https://wordpress.or...xploit-scanner/and the free version of https://wordpress.org/plugins/sucuri-scanner/, run their scans, and see if you catch anything else. In many cases, an exploit will randomly duplicate itself within your wp-content directory, those files need to be looked at too.


  • 0
Benjamin Falk
Falken Creative : Twitter

#8 Andrea

Andrea

    Advanced Member

  • Moderators
  • 5,752 posts
  • Facebook:https://www.facebook.com/aandbwebdesignAB
  • LocationSadieville, KY - but always a Texan at heart!!

Posted 17 March 2015 - 06:36 PM

HA! Found the jibberish in my functions.php. For now, I just put my original back, and it's clean at the moment. I have a lot of other stuff going on right now, not much time to play, but I'll see if the junk comes back.

Thank you both!!


  • 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

★★★★★ 5 Star Rated Web Developer Course - check it out now!