Need possible security help

I just installed the latest WordPress version 3.0.4 today, installed Flexibility 3 theme, and customized.

Just a few minutes ago, I noticed that there are 3 small links at the very bottom of the blog ... below the footer. These links JUST appeared - they weren't there while I was setting everything up.

How is it possible that someone has found a blog that has been up for less than 3 hours, hasn't been pinged or indexed and was able to hack into it?

How do I get rid of these insurance links and prevent future such hackings?

Here's the blog: http://www.thebeginnermarketer.com/blog

I'm still working on the whole site in general ...
#security
  • Abledragon
    Hi Barbara,

    This happened to a client of mine last year (a freshly installed WordPress site being hacked) - and here's how we got it fixed:

    WordPress Security: Not Just About WordPress | Create an Awesome Home Business

    To remove those links you'll need to go to your Appearance>Editor screen and look for them in the footer.php file.

    Cheers,

    Martin.
    Signature
    WealthyDragon - Earning My Living Online
    • Barbara Eyre
      Martin,

      Thanks for the reply. I will look over your link here in a moment.

      I didn't think to use the file editor within the admin section. I kept uploading a fresh footer.php file and it didn't do a thing.

      I'll read over your explanation and try it out and let you know how it did.

      Update: the 3 "insurance" URLs are not in the footer.php file within the editor either. UGH! How are they there????
      • mywebwork
        Originally Posted by Barbara Eyre

        Update: the 3 "insurance" URLs are not in the footer.php file within the editor either. UGH! How are they there????
        Hi Barbara

        Looking at the source of your site I would suspect that the offending links are either in the page.php or index.php file in your theme - they actually appear after the footer section.

        Hope this helps

        Bill
        • Barbara Eyre
          No, the Flexibility 3 theme is free, so I did not pay for it.

          Bill, that was my thought also and I looked in all possible files (page.php, index.php, etc etc etc) and they are not showing in any of them. This is maddening.

          But now seeing phpbbxpert's link he provided ... that answers my question. Sounds a bit like extortion since the existence of those links was not mentioned at any time during download nor within the theme's files. Hmmmmm.
          • npsol
            It is my understanding that the text in the footer goes away when you purchase the theme. If you use the free version, there is adsense in the footer.

            Is this what you are referring to?

            I found that out in this video (no relation to this source) around the 1:00 section of the video at: Video 2 Flexibility3 Quick Change Settings | Simple How To Videos

            Hope that helps
  • luis23
    Because I build websites in Joomla, WordPress and other PHP programs, I use OSE Security Suite from Opensource; here is the link: Open Source PHP Security Solutions by OSE.

    It is not FREE but it is too powerful and you can use it in all websites you develop without limitations. This is especially so if you use WP or Joomla.

    I would recommend you move your Tag WordPress Generator and always update your WP. Also always hide your wp-login.php, which is a good idea.

    I have never been hacked on WP but I got once on Joomla.

    However after the installation of the Security suite I have been able to detect PHP Injections to different sites and all of them have been stopped.

    If you want to check out how this thing works I invite you to test it...

    You can actually go to my main site DallasWebIdeas.com/ and insert after the (/) the following text --> index.php?%20union

    That will recreate a PHP Injection and you will automatically be banned from my website.

    Please don't read the blocking message because I have found out that some people get too sensitive to my comment/message that I gave away to crackers that try to crack my site.

    It is only intended for them, not the general user.
  • phpbbxpert
    I just took a look at the theme creator's site and read the comments
    Flexibility 3 Released

    Tells you a bit of info.
    Did you by chance buy this theme?
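
The posts above look for the links in footer.php, page.php and index.php one file at a time; the following is an added example, not code from the thread or from the theme, that searches every PHP file in a theme directory at once. It assumes the links could be emitted through a `wp_footer` hook or stored as a base64 string, which the thread does not establish for this theme; the sample theme, the `sample_credits` function and the `insurance.example` host are constructed for the demonstration.

```python
import base64
import re
import tempfile
from pathlib import Path

# Patterns worth a manual look when rendered HTML shows text no template contains.
HOOK = re.compile(r"add_action\s*\(\s*['\"]wp_footer['\"]")
DECODERS = re.compile(r"\b(base64_decode|gzinflate|str_rot13|eval)\s*\(")
B64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/=]{40,})['\"]")

def scan_theme(theme_dir, needle):
    """Map each theme PHP file to the reasons it could be emitting `needle`."""
    findings = {}
    for path in sorted(Path(theme_dir).rglob("*.php")):
        text = path.read_text(errors="replace")
        reasons = []
        if needle in text:
            reasons.append("literal link text")
        if HOOK.search(text):
            reasons.append("hooks wp_footer")
        if DECODERS.search(text):
            reasons.append("decodes or evals a string")
        for blob in B64_LITERAL.findall(text):
            try:
                decoded = base64.b64decode(blob, validate=True)
            except ValueError:  # quoted string was not valid base64
                continue
            if needle.encode() in decoded:
                reasons.append("link text inside base64 blob")
        if reasons:
            findings[str(path.relative_to(theme_dir))] = reasons
    return findings

def build_sample_theme(root):
    """Constructed sample: three files, with the link present only in encoded form."""
    root = Path(root)
    link = b"<a href='http://insurance.example/'>insurance</a>"
    blob = base64.b64encode(link).decode()
    (root / "index.php").write_text("<?php get_header(); get_footer(); ?>\n")
    (root / "footer.php").write_text("<div id='footer'><?php wp_footer(); ?></div>\n")
    (root / "functions.php").write_text(
        "<?php\nadd_action('wp_footer', 'sample_credits');\n"
        "function sample_credits() { echo base64_decode('" + blob + "'); }\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_theme(tmp)
        for name, reasons in scan_theme(tmp, "insurance.example").items():
            print(name, "->", ", ".join(reasons))
```

Run against a downloaded copy of the theme, with the host name of one of the unwanted links as `needle`; a file flagged only for a hook or a decoder call still needs to be read by hand.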
