Solved

wordpress hacked - pharma links in all posts

Posted on 2011-03-18
8
719 Views
Last Modified: 2012-05-11
hi

a customer has his wordpress blog hacked and small links to pharma sites in all posts.

I have found a lot of articles by searching for "wordpress pharma hack" - but I dont find any hacker php files (backdoors) they mention in the wordpress folders, also not the database entries that these articles mention (in wp_otptions table). So no trace at all.... except all these links in every post.

There are no additional plugins installed, so they must have gotten through the wordpress core.

Any input on what hack that could be (and how to fix it)

Thanks
0
Comment
Question by:netslt
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 70

Accepted Solution

by:
Jason C. Levine earned 500 total points
ID: 35169816
Hi netsit,

Most likely the server itself was hacked and then a script is run to modify the WordPress files and insert the content.  

You need to contact the hosting provider and get thm to fix it.  
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35172555
Maybe too weak password ? Chenge it now if you haven't done it yet. Make an upgrade.
Does the code appear only AND ONLY in posts ?
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35172558
0
 
LVL 31

Expert Comment

by:gwkg
ID: 35173873
Which version of Wordpress?
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:netslt
ID: 35174902
it was 3.0
0
 
LVL 31

Expert Comment

by:gwkg
ID: 35176842
Here is a scanning plugin: http://wordpress.org/extend/plugins/exploit-scanner/

Here is help from the Codex: http://codex.wordpress.org/FAQ_My_site_was_hacked

Here is a guide to securing Wordpress: http://codex.wordpress.org/Hardening_WordPress

0
 
LVL 31

Expert Comment

by:gwkg
ID: 35176874
3.0 or 3.0.5?  To stop it from happening in the future might be as simple as keeping Wordpress updated.

Check the database and see if the links are actually saved with the post, or if they are being added from somewhere else.  If they are mixed into the post via the database and you don't have a backup to restore to, you will have to remove them with search and replace tool.
0
 

Author Closing Comment

by:netslt
ID: 35249981
I think it must have been a hole on the server because it turned out other wordpress installations on the server where also affected.

Also I did not find any known exploits for the Wordpress Version I used.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Over the years I've spent many an hour playing on hardened, DMZ'd servers, with only a sub-set of the usual GNU toy's to keep me company; frequently I've needed to save and send log or data extracts from these server back to my PC, or to others, and…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
The purpose of this video is to demonstrate how to automatically show related posts at the bottom of a blog post in WordPress. This will be demonstrated using a Windows 8 PC. Plugin “Yet Another Related Posts Plugin” will be used. Go to your…
The purpose of this video is to demonstrate how to insert an Iframe into WordPress. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp-login.php : Open Page or Post…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now