troubleshooting Question

Several Wordpress Blogs Hacked with Outbound Comments HTML Links

Avatar of Hannahro11
Hannahro11 asked on
SecurityWordPressVulnerabilities
18 Comments4 Solutions1093 ViewsLast Modified:
Hello,

We need someone to help us fix a Wordpress hack Job where all of the Wordpress sites on our own server have appeared to be hacked by the same breech. This hack is pretty insidious in that it installs hidden outbound links in the stylesheet. Once we hit "approve" to comments it bleeds the blog dry of all page rank (SEO terminology). We do not know how this hole occurred, and we want to fix it on our server. I have attached an example of the hack as it appears in the area compromised. This has occurred on all the blogs in this jail on our server.

The attached file, 'hacked text at bottom of posts.txt', is a sample of what's appended to the post when you view the source - not viewable on the webpage via a browser.
 
The scond text (php-hack) I've manually replaced all of the php files in the blog and the theme - there had been a block of encrypted stuff at the top of many php scripts, the main php scripts for the theme and the main wp style sheet - attached is a sample of that, too; php-hack.txt

Again, let us know if you can help.  php-hack.txt
blog-hack-1.txt
ASKER CERTIFIED SOLUTION
Russell_Venable

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 4 Answers and 18 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 4 Answers and 18 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros