wordpress sites hacked - looking for information

by jruez
10 replies
This is the second time this year my wordpress sites have been hacked. I am looking for some information on what this hack is and some suggestions on preventing this stuff in the future.

The hack put code into a lot of pages on most of my hosted sites. The code started with "<?php $_8b7b=" and continued with a bunch of encrypted code.

I found files in each website directory with names similar to

One htaccess file that I looked at had this at the top of it
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} .*(msn|live|altavista|excite|ask|aol|google|mail|bing|yahoo).*$ [NC]
Not sure if all of this is related. I am working to clean it up, in a similar method that I used when hit with the "airschk" hack earlier this year.

I will again go through and change all passwords (which I did before), and follow all the suggestions that my host has given me. Any suggestions from you all?

Anyone know what this hack is doing?

If I should post in another section of this forum, please let me know. Thanks in advance.
#hacked #information #sites #wordpress
  • Profile picture of the author iuditg
    You Should Use one of the Product I recently launched to protect wordpress site. I am not advertising my product but since you wanted a solution, I am providing you one. Checkout my signautre. We have taken care of some major issues and provided 4-Way Protection in that plugin.
    {{ DiscussionBoard.errors[5089008].message }}
  • Profile picture of the author Abledragon
    Strengthening a WordPress site against hackers is not just about focusing on WordPress - you need to have a security mindset towards everything from your machine through your FTP activities and WordPress itself.

    The second part of this article sets out some things you should think about that will help to protect your site in future:

    How to Fix a Hacked WordPress Site | WealthyDragon


    WealthyDragon - Earning My Living Online
    {{ DiscussionBoard.errors[5090216].message }}
  • Profile picture of the author ericbryant
    Sorry to hear this! My tips are super strong passwords. Keep Wordpress constantly up-to-date! Google Wordpress Security for the Top 10 Tips--they're everywhere. Just be careful not to block the /wp-content folder in robots.txt as some recommend, or else you will disappear from search!
    - Social Media Marketing Strategy & Consulting

    - Custom Wordpress Website Design & Blogs

    - Wordpress Speed Demon? Click Here!

    - Live the life you love... now!
    {{ DiscussionBoard.errors[5091541].message }}
  • Profile picture of the author RobKonrad
    Hi there,

    google the "timthumb" hack, might be it... you^ll find a lot of information on how to fix it.

    Rob Konrad
    ================================================== ===
    This blog is awesome: http://www.robkonrad.com/blog. Read it.
    ================================================== ===
    {{ DiscussionBoard.errors[5092011].message }}
  • Profile picture of the author muscletom
    thank you very much
    {{ DiscussionBoard.errors[5092386].message }}
    • Profile picture of the author jruez
      thanks for everyone's help. @RobKonrad, it looks like that is what it was. Feel bad for people that have a lot more sites than I do. Not sure how they keep up with all the hackers
      {{ DiscussionBoard.errors[5097287].message }}
  • Profile picture of the author Cassidy
    Most of the sites I have seen hacked were accessed through vulnerabilities in the host setup, likely via access to the cpanel or the apache web files. The malicious entries in your .htaccess seem to indicate that is what happened to you.


    One doesn't discover new lands without consenting to lose sight of the shore for a very long time.

    {{ DiscussionBoard.errors[5101221].message }}
  • Profile picture of the author carsonben
    I recently installed a good plugin called Better WP Security. Once installed it lists all the places your site may be vulnerable in red. Then with a click of a button it will fix those vulnerabilities and show them in green.
    Authority Media Marketing Strategist
    {{ DiscussionBoard.errors[5101876].message }}
  • Profile picture of the author Sleaklight
    I've had my run with this kind of hack. Basically anyone coming from the search engines will get redirected to the hacker's designated site. If you type the URL of your site directly, it loads just fine since none of the search engines are the referrer.

    This is a problem of the host setup than wordpress itself. Are you hosted on windows? This is more prevalent on windows platforms as well.
    {{ DiscussionBoard.errors[5101889].message }}
  • Profile picture of the author boyrev
    MOST of these hackers get in through plugins and themes that you've added to your wordpress. They write the themes with these hacks already built-in.

    Install TAC - its a free plugin available on wordpress.org and it will check all of your themes for vulnerabilities.

    Install it on all wordpress sites.
    {{ DiscussionBoard.errors[5101916].message }}

Trending Topics