#1
WordPress hacked. Any ideas.
Just noticed one of my WordPress blogs was hacked. Second time now but this one is a bit weird.
Hidden links are getting written to the first 3 blog posts. I noticed a new user so I deleted him but I can't edit the posts or make a new post. I click "save" or "publish" and it just goes to a blank white screen. I've got a backup so I can always just restore it. But curious if anyone has any experience with a hack that stops you from being able to edit or publish posts. Seems like an error on the hacker's part because I would have never noticed it if I could post normally. Any ideas?
#2
I just removed a hack for the second time, mine is in the header though embedding a referring code.
I just reinstall right away, which I did again today. I wish I knew how they were getting in.
#3
You mean reinstall WordPress or reload a backup? I may try a WordPress reinstall first as it's a bit faster.
I know, WordPress is getting terrible with the security. They need to suspend any "improvements" and just work on security.
#4
How do you even know that you have been hacked?
#5
Quote:
#6
I have to say that was a good one whoever did it.
Not one weird snippet of code anywhere that me or my host could see and the source files all showed no changes since well before it was hacked. Somehow it was writing links into the posts on the fly and they were different links. Spooky. Just kept going to later and later backups till it went away.
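Posts #1 and #6 describe hidden links appearing in post content while the files on disk showed no changes; WordPress keeps post bodies in its database, so the post HTML itself is the thing to inspect. The following Python script is an added example, not part of the thread: it scans post HTML for external links inside hidden elements. The hiding heuristics, the names `HiddenLinkFinder` and `scan_posts`, the host `myblog.example` and the sample posts are all assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles commonly used to hide injected links. These heuristics are an
# assumption of this example; the thread does not say how the links were hidden.
HIDING_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])"
    r"|(?<![\w-])(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
VOID_TAGS = {"br", "hr", "img", "input", "link", "meta", "wbr"}  # never closed

class HiddenLinkFinder(HTMLParser):
    """Collects external links that sit inside an element styled as hidden."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.stack = []     # one flag per open element: does it hide its content?
        self.findings = []  # hrefs of hidden external links

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hides = bool(HIDING_STYLE.search(attrs.get("style") or ""))
        if tag == "a" and attrs.get("href") and (hides or any(self.stack)):
            host = (urlparse(attrs["href"]).hostname or "").lower()
            if host and host != self.site_host:  # relative/internal links are skipped
                self.findings.append(attrs["href"])
        if tag not in VOID_TAGS:
            self.stack.append(hides)
    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()

def scan_posts(posts, site_host):
    """posts maps post ID -> HTML body; returns {post ID: [hidden external hrefs]}."""
    report = {}
    for post_id, html in posts.items():
        finder = HiddenLinkFinder(site_host)
        finder.feed(html)
        if finder.findings:
            report[post_id] = finder.findings
    return report

# Constructed sample posts (not taken from the thread).
SAMPLE_POSTS = {
    101: '<p>Hello</p><div style="display:none"><a href="http://pills.example.net/">x</a></div>',
    102: '<p><a style="font-size: 10px" href="http://friend.example.com/">pal</a><br><a href="/about/">me</a></p>',
    103: '<span style="position:absolute; left:-9999px"><p><a href="http://casino.example.org/x">y</a></p></span>',
}
if __name__ == "__main__": print(scan_posts(SAMPLE_POSTS, "myblog.example"))
```

Run it over post bodies exported from the database or over the rendered pages; links hidden through an external stylesheet or script will not be caught by these inline-style checks.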
#7
Did you check your plugins or your template? Those are the most common places for hacked code to get picked up.
#8
We only went over the WordPress files and couldn't find anything. But none of the files had a recent modified date.
I'm going to take the WordPress link off of all my blogs because I think some of the bots the hackers use search for that.
#9
Are you on a dedicated server? If not, it could have been someone on your server... it makes it easier for them, or for any virus style hack to get at your installation.
#10
I just had a thought. The only blog I have that keeps getting hacked still has the WordPress meta tags in it for logging on and whatnot.
My blogs that have it removed never are affected. I think I'll remove them tomorrow. Edit: I already took it out, let's see if that stops it.
#11
You might be on to something. The blog that has been twice hacked still has that as well. The hackers must search for that too.
I'd like to remove as much "wordpress" stuff as I can. I'm sure they have some sort of automated search/hack program so if you can avoid that, only real visitors will get the idea to hack your site which are much lower odds.
#12
Hmmm, interesting. Just so I know what you mean, you're talking about when you get a new WP install you have that "log in, blog roll" and all that in a sidebar.
When you put a widget in that sidebar, that goes away. Is that all you need to do, or do you still have to manually go in and cut it out of your sidebar page, even if it does not show on your site?
#13
Quote:
#14
I have always taken the login/logout links out of my blogs from day one. Mostly because since I was the only one using them, I figured I didn't need them there. I haven't noticed any of my blogs ever getting hacked. So there may be some merit to your idea that it is an entry point, or an element that a script searches for.
Of course, there is the possibility that even a hacker script can see my sites and say "Jeez, this one's not even worth it."
#15
I find this interesting because I've never had a problem with any of my Wordpress installations either... and I always remove the login and links etc from the sidebar immediately too.
#16
I'm pretty sure it has something to do with it. My mainstream site is the only one ever hacked and it's the only site I ever left those tags in.
Even when I left my blogs 777'd for over 6 months I never had a problem as long as the login meta wasn't there.
#17
Yeah I never understood why anyone would want to have a link to their back end right out there on their blog. Seems like a tease to hackers. I always get rid of that soon as I upload.
Only problems I've had so far was that big mess where they put in a phantom user and screwed up your database.
#18
I'm so clueless as to the lone blog that I have up now, I'm considering deleting it and starting from scratch after I've schooled myself better. How did the majority of you get the education for running blog software? I'm not doing the blog justice and it hardly serves me well either, where's the best place to start?
#19
Quote:
I made a custom theme, but it was so poorly designed that I had to put all sorts of HTML into the posts to get them to look the way I wanted. Now updating that blog is too much work because of all of my hack jobs and such. But here's the thing. That blog has about 2 years worth of content on it, and generates enough sales just sitting there doing nothing to justify keeping it up. If you have content and are getting search engine traffic, and feel you'd like to apply some newfound knowledge on a new blog, then I'd recommend just starting a new blog. If you have a strong reader base, then perhaps you could make a nice post asking what they would look for in improvements, and let them know the new URL when you are live.
#20
Well I just looked at the others that are out there and figured out from that what I should do. A little studying the WP tutorials, a few questions there, a lot of looking at other blogs and a WHOLE lot of playing around with the code and learning from trial and error.
However I don't make my blogs the way most do, I make them into a full site. To each his own, whatever works for you.