Have my blogs been hacked???

by skiphop

Posted: 14 years ago 23 replies

INTERNET MARKETING

I noticed several of my Wordpress blogs have links imbedded in my posts, links to other people's websites in anchor text

Is this a wordpress hack going around or something? I assume it is a service someone is charging for, as I have all kinds of different anchor text links, pointing to different websites, one was even from a fellow warriors's site!

Is there anything I should do to prevent this? Thanks

Skiphop

#blogs #hacked

Nightowl 14 years ago

Skip, this has come up, in one form or another, several times before. See if these are any help to you:

http://www.warriorforum.com/main-int...jan-horse.html

http://www.warriorforum.com/main-int...press-how.html

http://www.warriorforum.com/main-int...-code-url.html

If not, try using the search function (limit it to the main discussion forum) and search on "wordpress hack" (or hacked). You'll find plenty, alas.

- Nightowl
- Thanks
{{ DiscussionBoard.errors[1534834].message }}
skiphop 14 years ago

Thanks for the suggestions, I checked them out, but they don't seem to be the same as my problem...

I am getting Anchor text links to other people's sites, included in my posts. Not all posts, just random ones across a few of my blogs, I'm guessing it must be some sort of wordpress hack, where someone posts to many blogs at once. I know someone here on the forum knows about it, as one of their sites was linked from a post of mine... Very frustrating, need it to stop.
- Thanks
{{ DiscussionBoard.errors[1534961].message }}
star lit 14 years ago

I seem to have the same problem as Skiphop.

Any suggestions on how to prevent or remove these hacks.

Naima
- Thanks
{{ DiscussionBoard.errors[1587944].message }}
dspa72 14 years ago

A good way to prevent is to update your wordpress installation at the latest version.
- Thanks
- 1 reply
{{ DiscussionBoard.errors[1588008].message }}
- Tyler Pratt 14 years ago
  
  Originally Posted by dspa72
  
  A good way to prevent is to update your wordpress installation at the latest version.
  
  Also make sure all your plugins are updated.
  
  Thanks
  
  Signature
  
  Get the Top 11 Millionaire Tools and 7 Of them are FREE
  >> Yes Get Instant Access <<
  
  {{ DiscussionBoard.errors[1588345].message }}
SurviveUnemployment 14 years ago

It sounds like someone either has access to your database or your WP admin. Change those passwords. Remove the links. Make sure to log the admin logins for a period of weeks. If you see someone logging in who isn't allowed, block their IP from your server and report them. If there are unwanted changes but no admin logins, you'll know the person has access to your server, either your Cpanel login or MySQL databases.

Good luck.

People who do stuff like that are just scumbags.
- Thanks
- 1 reply
Signature

The best link-building strategy you never heard of...

Article Spinning Is Not a Crime!
{{ DiscussionBoard.errors[1588380].message }}
- Jay Rhome 14 years ago
  
  Originally Posted by SurviveUnemployment
  
  People who do stuff like that are just scumbags.
  
  They sure are. I mean there are so many ways to create those backlinks. Even with black hat techniques, many of these don't include screwing other people's sites!
  
  Sometimes the best defense is offense. They obviously link their sites on yours so you can find someone to pay them back in kind...
  
  Thanks
  
  1 reply
  
  {{ DiscussionBoard.errors[1588464].message }}
  
  Gary Smith 14 years ago
  
  Wordpress is so popular now that it has a big red target painted on it. Fortunately it is updated regularly, particularly when security exploits are discovered. As some other posters have said, make sure you keep it up to date and keep the plugins up to date. It only takes a couple of mouse clicks with the upgrade options in the wordpress admin area.
  
  I'd also add that you should check your plugins list from time to time. If there's something in there that you aren't using then de-activate it. The less plugins you have, the less chance of having one activated that has a security hole or exploit.
  
  Thanks
  
  Signature
  
  Gary Smith
  
  PHP Developer and aging geek
  
  {{ DiscussionBoard.errors[1588508].message }}
star lit 14 years ago

Thanks
I have deleted the links.
But I don't think the hacks were through the admin login.
My wordpress and plugins were up to date when the links were left.
I'm waiting for one plugin to be compatible before updating to the latest version or my blog will break.
Can accessing the wp-cron have anything to do with it.

And if so, how can I prevent that.
I'm really hoping not to have to delete and reinstall.

Naima
- Thanks
{{ DiscussionBoard.errors[1592565].message }}
Matt Bard 14 years ago

Are these free Wordpress themes?

Many times free themes have anchor text links in the footer that are protected by a code (eval base 64) then a long string of random looking characters.

The site that gave the theme has offered it with conditions that you give links back.
Since so many people do not honor the conditions the site designers have used the eval base code in the header to protect the links in the footer.

In other words, if you try to take the links out of the footer the code in the header is alerted to the missing links and will not display your blog properly rendering it useless.

When searching for themes, always look for any conditions for backlinks. Or look in the footer section below the blog to see if you spot the links to "insurance" "loans"...before downloading.

This is usually a sign that they have links built in the theme.

Matt
- Thanks
{{ DiscussionBoard.errors[1592740].message }}
star lit 14 years ago

Matt
I am using a free theme, and you are right that the links in the footer can't be altered or removed.
So I respectfully didn't touch or change them.

I think it was a hack through my sever or getting access to my sites via my control panel.
Because all the passwords on my account were changed.
The usernames were unchanged but the passwords for four sites were the same and one was different.
Initially I thought that passwords were displayed differently in PHP Admin,because I could logon to my sites fine, but after changing them they were appeared as is.

I've changed my cPanel password and I'm changing from filezilla.
I'm also deleting all my sites and redoing them.

I don't know if it's necessary, but it's a learning experience.

Naima
- Thanks
{{ DiscussionBoard.errors[1593170].message }}
star lit 14 years ago

Matt, I thought about what you said about the theme so
I'll change my theme as well.

Thanks
Naima
- Thanks
{{ DiscussionBoard.errors[1593177].message }}

Michael Formby

14 years ago

I think it was a hack through my sever or getting access to my sites via my control panel.
Because all the passwords on my account were changed.
The usernames were unchanged but the passwords for four sites were the same and one was different.
Initially I thought that passwords were displayed differently in PHP Admin,because I could logon to my sites fine, but after changing them they were appeared as is.

I've just mentioned this in another post, make sure none of your directorys are set to 777 , check index.php files and index.html files and if there is code at the bottom like a funny looking script code delete it save it reupload it. then try chomoding (change file permissions) the actual index files so they dont have write permision such as 644 this is what worked for me in the past to solve a simlair problem.

Mikey

Thanks

{{ DiscussionBoard.errors[1593210].message }}

star lit 14 years ago

Thanks Mikey

I've already deleted my databases etc.
I'm going to make a fresh start.
Yeah, I think I'll pay more attention to file permissions as well.

Naima
- Thanks
{{ DiscussionBoard.errors[1594453].message }}
Puusaari 14 years ago

Try these plugins with your wordpress blog...

Limit Login Attempts | devel.kostdoktorn.se
WordPress › Secure WordPress WordPress Plugins
Bad Behavior / Bad Behaviour:
- Thanks
Signature

You Achieve Success by Choice, NOT Circumstances
Like Us to Receive Life-Changing Affirmations Sent Daily
{{ DiscussionBoard.errors[1595077].message }}
Puusaari 14 years ago

Also, clean your system of any viruses as well... they may have stolen your passwords from a keylogger secretly installed on your system, which means that if it is still there, they will just keep rehacking your website.
- Thanks
Signature

You Achieve Success by Choice, NOT Circumstances
Like Us to Receive Life-Changing Affirmations Sent Daily
{{ DiscussionBoard.errors[1595101].message }}
digigo 14 years ago

i can not imaging what is to gain to go such length hacking a blog account... have you installed any autoblog.. plugin.. or any default feature comes with wordpress.. ?? is that a comment spam???
- Thanks
{{ DiscussionBoard.errors[1595140].message }}
Abledragon 14 years ago

One of my customer's sites was hacked over the New Year weekend. After I fixed it up (and included a range of security steps) it was hacked again. 2 and a half hours after I had finished.

The hackers had got hold of her FTP login details.

As Puusaari has said above, you need to check everything - not just WordPress itself.

Full details of that hack and the steps we took are here:

http://www.wealthydragon.com/blog/20...ity-wordpress/

Cheers,

Martin.
- Thanks
Signature
WealthyDragon - Earning My Living Online
{{ DiscussionBoard.errors[1595608].message }}
Michael Formby 14 years ago

Thanks Mikey

I've already deleted my databases etc.
I'm going to make a fresh start.
Yeah, I think I'll pay more attention to file permissions as well.

Naima

File permissions are very important when it comes to wordpress , if there not right your an open target i can help you if you have any more problems just pm me,
- Thanks
- 1 reply
{{ DiscussionBoard.errors[1596425].message }}
- radhika 14 years ago
  
  I'd like to use the arthemia theme but one of the files need the 777 permission.
  
  Ask your host to change your website to a different server under them which has Server API as CGI Binary. Then your scripts run under your user id, so no need to chmod 777.
  
  Thanks
  
  Signature
  Follow up Autoresponder PRO :: 33% Discount!!
  FREE Upgrades! IMPROVED Email Deliverability!!
  
  {{ DiscussionBoard.errors[1598182].message }}

star lit

14 years ago

@ Puusaari - I'll look at those plugins
@ Martin- Thanks for the article. I'm taking notes
@ Mikey- Thanks for you offer to help. I'd like to use the arthemia theme but one of the files need the 777 permission. So I'm looking for another theme.But I really, really like arthemia. I'll PM you if I run into more problems.

Naima

Thanks
1 reply

{{ DiscussionBoard.errors[1597561].message }}

ARVolund

14 years ago

Have not used that particular theme but does it have to be 777 all the time or just when you want to make changes? A lot of scripts require 777 during the install or when making changes or updates but you can lock it down at other times. A little more work to have to change the permissions when you go to change or add something but well worth the time if it something you really like using.

Originally Posted by star lit

@ Puusaari - I'll look at those plugins
@ Martin- Thanks for the article. I'm taking notes
@ Mikey- Thanks for you offer to help. I'd like to use the arthemia theme but one of the files need the 777 permission. So I'm looking for another theme.But I really, really like arthemia. I'll PM you if I run into more problems.

Naima

Thanks
1 reply

{{ DiscussionBoard.errors[1598158].message }}

radhika 14 years ago

Delete the database and WP folder COMPLETELY. Ask your host to backup the folder and database.

Make sure you update the WP script + plugins to latest versions.

.
- Thanks
Signature
Follow up Autoresponder PRO :: 33% Discount!!
FREE Upgrades! IMPROVED Email Deliverability!!
{{ DiscussionBoard.errors[1598174].message }}

Have my blogs been hacked???

Trending Topics

Can I change my username?

Check out DeepL Write

Is Wordpress Website Secure? - Emmanuel Katto

How did you turn it all around?

What's the Best IM-Related Skill to Learn Today That Can Help in the Future?