Site Hacked Need Help.

5 replies
Hi. I hope in the right section of WF.

Yesterday one of my WP sites was hacked and before I came here I did some research to try and fix the problem.

This is what I've done so far:

I exported my content to computer.
Uninstalled the version of WP that was on the domain.
Installed new version using Fantastico.
Changed username and password.
Imported content back to blog.
Installed new theme and plugins.

It all seemed to be working o.k. I logged out and checked the domain and no problems. Smooth as butter until... this morning.

When I go back to make sure everything is functioning o.k. I see this...

Warning: Cannot modify header information - headers already sent by (output started at /home/fxmorale/public_html/nonstopmarketer.com/index.php(1) : eval()'d code:37) in /home/fxmorale/public_html/nonstopmarketer.com/wp-includes/pluggable.php on line 896

Interestingly enough, I can log into it on the backend and when I logout, the blog shows up again.

I'm confused. Can anyone give me some ideas?

Would be greatly appreciated.

The domain is http://www.NonStopMarketer.com

Thx in advance.
#hacked #site
  • Profile picture of the author karlandrew
    what happened to me was a hacker sort of injected code into my sites files. that will give you a headache for sure..

    ____________________________
    warriorforum | merchant services
    {{ DiscussionBoard.errors[3852686].message }}
    • Profile picture of the author Mkj
      I found this solution:

      look at your theme's functions.php file
      clear the empty space or line break at beginning of file or end of file (or both)
      Might be worth a look.

      Try loading a different theme and see if the problem occurs again. If it doesn't then you can narrow it down to a particular theme.
      {{ DiscussionBoard.errors[3852742].message }}
  • Profile picture of the author Tim Franklin
    Hi one of the first things I would suggest is that you never again use Fantastico, it is an open invitation for someone to "some day" have the inside curve on breaking into your website, there are a number of reasons why using fantastico is a bad idea, the first of which is that any time you use an automated scripting agent to install a script in a cpanel account you run the risk that someone might come along and take advantage of the fact that when using fantastico you can predict a logical pattern of how that installation has occurred including names of the database prefix, making it predictable is not something that you want to do.

    When you create a manual installation of wordpress your chances of having your installation corrupted or broken into drops by a significant amount, not to say that it is impossible, because that would just not be accurate.

    But, it is in your best interest to manually install wordpress because you remove "some of the data patterns that using fantastico develops"

    When you follow a few simple rules in creating an installation you can better adjust to the changing needs of your website.

    Currently your website is displaying some kind of plugin related issue, I suspect it is due to either some custom programming and or it is a result of a malfunctioning plugin, the most irritating thing about fantastico is that when you use it Fantastico installs the installation from a location above your user account, for example, if you install your wordpress installation manually, then you are the user, /home/username/public_html/your wordpress website.

    However if you use fantastico, then you could be installing from a location above your user name, like this, server/root/whm/fantastico/home/user_name/public_html

    If you are installing from fantastico you could be creating a problem for your self later more so if you ever expect to customize your wordpress installation using custom plugins,

    To fix your existing problem, disable plugins one by one until your issue stops, then consider using a manual install to configure your wordpress website, in fact if you are a war room member I have a great wordpress tool that is being given away there now.
    Signature
    Software Development | Applications | OSX | iOS | Android | Cloud Software Engineering |
    {{ DiscussionBoard.errors[3854079].message }}
    • Profile picture of the author fxmmorale
      First of all thanx to you guys for trying to help. Definitely appreciated.

      Mkj - I'm not sure exactly what the heck it is I should be looking for in the code. Can you give me an example of what it might look like. Sorry not a programming pro like you:-(

      Tim - Tried your suggestion and disable all of the plugins one at a time and eventually ended up deleting them with no change in results.

      Got a question about your Easy WP Config. Can I import the files from my blog back into the new install or do I need to start all over again? I sure would hate to lose all those posts and traffic. But if I have to, I have to. Sucks tho.

      Again, thanx for offering to help.
      Signature
      The Marketing Rinnegato Cometh... stay tuned. This link leads to my Warrior blog...
      {{ DiscussionBoard.errors[3854943].message }}
      • Profile picture of the author Mkj
        Doing a search on Google for: wp-includes/pluggable.php on line 896 produced a few similar results:

        Google

        It appears that you might have moved or altered a file and inadvertantly added white space. Make a check on your wp-config.php file.

        when i removed white space after ?> it's done.
        What editor do you use? Some editors can add white space which can cause errors in wordpress. Try and edit your files using notepad.

        Read the first 3 results on the Google search above as they are all very similar and will explain what you need to do and check.
        {{ DiscussionBoard.errors[3855343].message }}

Trending Topics