Nasty Wordpress hack, please help

by rvdp
11 replies
Hi, when I looked today on my WP blog I saw what looks like a header/page added to my frontpage. It contains a picture of a young woman and some links. The source of the picture is http://i.nuseek.com/images/template/...le_student.jpg

I read some on WP hacks and changed all the WP files (except content). That didn't work, so I tried using a different theme. It solved the problem so I was sure something was wrong within the theme files. I looked at every one of them, couldn't find a thing, then decided to delete the theme and upload a new version of it. After activation, again the same!

How is this possible, it's only happening with that specific theme, yet completely replacing it with a fresh version doesn't do anything???

Any ideas, really need this fixed asap...
#hack #nasty #wordpress
  • DominicF
    I think I've seen that image on expired domains which are parked.

    If it's not that, then maybe your WP install has been hacked.

    What is the domain?
    • rvdp
      Originally Posted by DominicF View Post

      I think I've seen that image on expired domains which are parked.

      If it's not that, then maybe your WP install has been hacked.

      What is the domain?
      Yes I know it's been hacked

      the domain is smoothiemakerreviews.net. I just put up the standard theme that works but will put the other one back on so you can see it.
  • PaulChester
    If only I had 15 posts then posting links would be much easier. Anyway this post is talking about your issue but it's 3 years old. Are you using a very old version of WP?

    wordpress dot org/support/topic/need-help-please-2

    Paul.
    • rvdp
      Originally Posted by PaulChester View Post

      If only I had 15 posts then posting links would be much easier. Anyway this post is talking about your issue but it's 3 years old. Are you using a very old version of WP?

      wordpress dot org/support/topic/need-help-please-2

      Paul.
      Thanks, but was on that site and did not offer a solution.

      BUT, after hours searching I finally found the problem, and would NEVER have guessed it: a PRE-HACKED template version of the legitimate one (that's also free by the way). Unbelievable, I changed it to the real version and it's working like a charm.

      People, pay attention downloading themes from wpblogskins.com, wordpresstemplates.com and wordpressthemes2.com

      They are evil!
      • Janet Sawyer
        Thank You,

        Free is what you essentially pay for.
        Heed this guy's warning.

        Originally Posted by rvdp View Post


        People, pay attention downloading themes from wpblogskins.com, wordpresstemplates.com and wordpressthemes2.com

        They are evil!
      • DominicF
        Originally Posted by rvdp View Post

        Thanks, but was on that site and did not offer a solution.

        BUT, after hours searching I finally found the problem, and would NEVER have guessed it: a PRE-HACKED template version of the legitimate one (that's also free by the way). Unbelievable, I changed it to the real version and it's working like a charm.

        People, pay attention downloading themes from wpblogskins.com, wordpresstemplates.com and wordpressthemes2.com

        They are evil!
        Thanks for the heads up
        • sarahunter
          I had this happen to me and I went into all my files and found a link to a .ru website and then I removed all the references. Then I went into each folder on the system and added a blank index.html file to each folder where there wasn't an index file already.

          This sorted the problem out.

          hope that is of some help, albeit a long way around.

          Sara
      • Evan-M
        Originally Posted by rvdp View Post

        Thanks, but was on that site and did not offer a solution.

        BUT, after hours searching I finally found the problem, and would NEVER have guessed it: a PRE-HACKED template version of the legitimate one (that's also free by the way). Unbelievable, I changed it to the real version and it's working like a charm.

        People, pay attention downloading themes from wpblogskins.com, wordpresstemplates.com and wordpressthemes2.com

        They are evil!
        You're lucky. If the person that uploaded the hacked theme had any skill, you would be reinstalling WordPress to get rid of the hack; they could have easily added code to the template that upon install modded functions, the database or files on the rest of your install.

        I've seen hacks that would add your commenter's emails to external mailing lists upon commenting, and you don't see anything that would let you know the blog has been hacked. BE CAREFUL downloading from these sites that let anyone upload to them for download.
        Signature

        Evan-M

  • PaulChester
    Good catch!
    • rvdp
      Originally Posted by PaulChester View Post

      Good catch!
      It's so tricky because no matter how long you compare your code with the original files, you won't find a difference.
  • eleetgeek
    I saw the website. It is solved I think. However, a few things that you must keep in mind are:

    1. Never use pirated wp themes.
    2. Never buy themes from unknown sources.
    3. Before installing plug-in check the reviews.

    Since your website is not totally defaced, I do not suspect shell on your server, so relax
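
Added example, not part of any post in this thread: the thread's root cause was a theme that was already tampered with when downloaded, so a file comparison only helps when the reference copy comes from a different, trusted source (assumed here to be the theme author's own release). The sketch below hashes an installed theme against such a reference and flags PHP constructs worth reading by hand; the function names, directory layout and sample files are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructs often abused by code hidden in redistributed themes; a hit means
# "read this file", not proof of compromise.
SUSPICIOUS = re.compile(rb"\b(eval|base64_decode|gzinflate|str_rot13|create_function)\s*\(", re.I)

def manifest(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def audit_theme(installed, reference):
    """Diff an installed theme against a trusted copy and flag risky PHP."""
    inst, ref = manifest(installed), manifest(reference)
    report = {
        "modified": sorted(f for f in inst if f in ref and inst[f] != ref[f]),
        "added": sorted(f for f in inst if f not in ref),
        "missing": sorted(f for f in ref if f not in inst),
        "suspicious": {},
    }
    for rel in inst:
        if rel.endswith((".php", ".inc", ".phtml")):
            hits = {m.group(1).decode().lower()
                    for m in SUSPICIOUS.finditer((Path(installed) / rel).read_bytes())}
            if hits:
                report["suspicious"][rel] = sorted(hits)
    return report

def demo():
    """Build two constructed theme trees in a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, inst = Path(tmp, "reference"), Path(tmp, "installed")
        for d in (ref, inst):
            (d / "inc").mkdir(parents=True)
            (d / "style.css").write_text("/* Theme Name: Sample */\n")
            (d / "header.php").write_text("<?php wp_head(); ?>\n")
        # Constructed stand-in for injected code; the payload decodes to "hello".
        (inst / "header.php").write_text(
            "<?php wp_head(); echo base64_decode('aGVsbG8='); ?>\n")
        (inst / "inc" / "cache.php").write_text("<?php eval($_x); ?>\n")
        return audit_theme(inst, ref)

if __name__ == "__main__":
    print(demo())
```

A clean report covers only the theme directory; as noted in the thread, code in a theme can also change the database or other files, which this check does not see.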
