13 {{ upvoteCount | shortNum }}
13 {{ upvoteCount | shortNum }}

WP Blog Hijacked

by winebuddy
11 replies
And I have re-uploaded the WP software but have a lot of other files already on the server. Still re-directs.

Guess I could just reupload everything?

It is redirecting to a virus scan on BING and something called Prime Virus scanner.

Anyone familiar with this hijack?
#blog #hijacked
  • Profile picture of the author DogScout
    Dedicated IP, SSL and a 1974 version of the Strategic Air Command firewall will fix that

    what plug-ins were you using and WP version?
    Signature
    {{ DiscussionBoard.errors[1949536].message }}
  • Profile picture of the author winebuddy
    I changed my DB password and so now the server cannot connect to the DB. AND - it's still doing the redirec thingie. At first it says "Cannot Establish Connection to the Database" and then the redirect happens.

    Guess that means that the problem is actually in the WP files on the server?

    That sound right to anyone?

    If that's the case, I can just delete all of the WP stuff and then do a clean install and then reconnect to the Data base?

    Whadda ya think?
    Signature
    "Knowledge is NOT power... ACTION on Knowledge is power"
    {{ DiscussionBoard.errors[1949820].message }}
    • Profile picture of the author Crew Chief
      Originally Posted by winebuddy View Post

      I changed my DB password and so now the server cannot connect to the DB. AND - it's still doing the redirec thingie. At first it says "Cannot Establish Connection to the Database" and then the redirect happens.

      Guess that means that the problem is actually in the WP files on the server?

      That sound right to anyone?

      If that's the case, I can just delete all of the WP stuff and then do a clean install and then reconnect to the Data base?

      Whadda ya think?
      There is no information on that particular virus/malware/trojan that I could find.

      You can do a clean restart, which sounds like you already did.. however, if you don't learn or detect what went wrong or if you have a open breach, it could very easily happen again.

      Anytime you're dealing with WP, I would strongly urge against going in and making wholesale changes hoping that any of them fixes your problem.

      Did you have someone on another computer and at another location look at the site when you first detected the issue?
      Signature
      Tools, Strategies and Tactics Used By Savvy Internet Marketers and SEO Pros:

      ProSiteFlippers.com We Build Monetization Ready High-Value Virtual Properties
      {{ DiscussionBoard.errors[1957180].message }}
  • Profile picture of the author Anon7
    Try changing your theme to quickly rule out malicious code in the header file. If the re-direct stops, then that's probably where the problem is, which possibly could hv originated from a trojan on your PC.

    If you think someone gained access to your FTP, you could check your .htaccess file (if you have one) or a fake index.php for a redirect code in your website root as well.

    -Jack
    {{ DiscussionBoard.errors[1949838].message }}
  • Profile picture of the author winebuddy
    Jack,
    checked the htaccess and it looks ok. i cannot get into wp-admin so how do I change themes without going through the WP-admin panel?
    Signature
    "Knowledge is NOT power... ACTION on Knowledge is power"
    {{ DiscussionBoard.errors[1949942].message }}
  • Profile picture of the author PaulaC
    Can't you just contact your hosting provider to sort it out?
    Signature

    My Blog --> Affiliate Blog Online

    Our New Membership Site - Affiliate Tools HQ

    Amazonian Profit Plan - Our Complete Blueprint for Making Money Online by Promoting Amazon Products - The Amazonian Profit Plan

    {{ DiscussionBoard.errors[1949948].message }}
  • Profile picture of the author winebuddy
    Paul - already did that - no help from there. They just said to delete everything and start over. I do have an older backup of the site so I might have to do that.
    Signature
    "Knowledge is NOT power... ACTION on Knowledge is power"
    {{ DiscussionBoard.errors[1949951].message }}
    • Profile picture of the author Dan C. Rinnert
      Originally Posted by winebuddy View Post

      Paul - already did that - no help from there. They just said to delete everything and start over. I do have an older backup of the site so I might have to do that.
      If any posts are missing from your backup, check your RSS feed. On one of my WordPress blogs, I once lost a day or two of posts due to a server issue (which had also affected the most recent backup, if I remember). By using my RSS feed, I was able to recreate those lost posts and date them correctly and so forth.
      Signature

      Dan's content is irregularly read by handfuls of people. Join the elite few by reading his blog: dcrBlogs.com, following him on Twitter: dcrTweets.com or reading his fiction: dcrWrites.com but NOT by Clicking Here!

      Dan also writes content for hire, but you can't afford him anyway.
      {{ DiscussionBoard.errors[1949980].message }}
  • Profile picture of the author Anon7
    You can FTP into your //wp-content/themes/ folder and check the files. In most FTP clients, you can right-click on the file to edit / view it. I suspect that the header.php file is where the re-direct would be assuming your wordpress is still active. Otherwise, it would likely be in the index.php (or .html, etc) file in the root of your website.

    A PHP redirect would look something like this:
    Code:
    <?php header("Location: http://www.TheBadGuysWebsite.com"); ?>
    I'll be happy to check it out for you if want to make a temporary FTP access for me.

    -Jack
    {{ DiscussionBoard.errors[1949956].message }}
  • Profile picture of the author GeorgR.
    did you check you .htaccess file whether there is a redirect?
    Signature
    *** Affiliate Site Quick --> The Fastest & Easiest Way to Make Affiliate Sites!<--
    -> VISIT www.1UP-SEO.com *** <- Internet Marketing, SEO Tips, Reviews & More!! ***
    *** HIGH QUALITY CONTENT CREATION +++ Manual Article Spinning (Thread Here) ***
    Content Creation, Blogging, Articles, Converting Sales Copy, Reviews, Ebooks, Rewrites
    {{ DiscussionBoard.errors[1949976].message }}
  • Profile picture of the author Istvan Horvath
    There is an index.php in the root folder of your WP installation (where you see a lot of files and the 3 wp-folders if you take a look at it via FTP). Check THAT index.php, not the theme's index... usually that's where the hackers place the redirect code.
    Signature

    {{ DiscussionBoard.errors[1950228].message }}

Trending Topics