Help with Finding Hacked Code

Discuss webmaster issues, website development and resources. Ask questions about website building, coding, SEP/SEO etc here. NO ADS!

Moderators: magnetize, Oosha, ftello, shezz

Help with Finding Hacked Code

Postby WordPlay » Thu Nov 19, 2009 4:11 pm

I think one of my WordPress blogs has been hacked but I'm having a hard time finding the problem so I can fix it. Can anyone point me in the right direction?

Here's what I know:

I got this comment on h**p://vintageholidaycrafts.com this morning: "I had to use a proxy to read your posts, it kept sending me to some weird mobile browser saying something about encrypted content." I thought it was just spam until I saw this when I tried to view one of the categories on IE on a Mac:

"You do not have the plug-in needed to view the 'application/x-shockwave-flash' type information on this page."

I don't have any Flash elements on that site, so there shouldn't be the need for a plug-in. Oddly, I don't get that message in IE or Firefox on a PC, but that might be because I hadn't been to that site on that particular Mac before.

Also, the post text and titles are now centered instead of flush left in IE on a PC and the left column is 2-3 times wider than it should be. It appears normal in Firefox on a PC though. And my incoming traffic dropped dramatically yesterday. It looks like it's mostly Google traffic, which I assume is because of this problem.

I ran the site through the W3 Validator and didn't get any significant errors, just a few broken links.

Any idea what's going on here? I would greatly appreciate any help. Thanks!
User avatar
WordPlay
 
Posts: 50
Joined: Mon Apr 21, 2008 10:47 am
Location: Florida

Re: Help with Finding Hacked Code

Postby korprit » Thu Nov 19, 2009 4:50 pm

i didnt see anything in the source, but that doesn't mean you weren't compromised. i would check all the files and 'sections' (ie. widgets) that are sitewide, manually. that means opening the files and looking for something blatant. often hacked files are encrypted and you will have this huge f-ing block of jibberish. find the busted file(s) and repair or replace them.

i would look through your header especially (this seems to be a primary target in my experience). strange things tend to appear there a lot. again, check it manually (from the command line).

if you see something odd, be SURE you search the WP database to find any reference to the oddity. i found that modifying a header (repairing) wouldn't work, as it kept coming up bad. found an SQL string injected that modified the header everytime it was called. removing from the database stopped the issue.
User avatar
korprit
 
Posts: 596
Joined: Thu Feb 19, 2009 2:25 pm

Re: Help with Finding Hacked Code

Postby WordPlay » Thu Nov 19, 2009 5:40 pm

Thanks! I'll start digging.
User avatar
WordPlay
 
Posts: 50
Joined: Mon Apr 21, 2008 10:47 am
Location: Florida


Return to Web Development Resources

Who is online

Users browsing this forum: No registered users and 1 guest

cron