functions,php files hacked

mjiantor
(@mjiantor)

13 years, 1 month ago

Hello all,

I was recently contracted out by an entertainment company to do some light web design work. Over the past weekend, no more than three weeks into my contract, I was alarmed to discover all their WordPress websites had ceased to function.

Now, I am not a web developer by any stretch of the imagination. However, I have been able to deduce that the problem lies with a piece of code that is being added to the functions.php file.

[Code moderated. Please do not post hack code blocks in the forums. Please use the pastebin]

This code was added to every functions.php file on our Windows server. If I restore the file (relatively easy), the websites work perfectly fine. However, the malicious code returns within a few hours.

Has anyone encountered this specific attack before? Is there any way I can protect my functions.php files? Or can this only be resolved by generally strengthening server security?

I apologize for any naivete or lack of details in my question. My company unfortunately does not see it fit to hire a full time web developer or IT guy, so I am doing my best with my modest technical skills.

Viewing 5 replies - 1 through 5 (of 5 total)

esmi
(@esmi)

13 years, 1 month ago

You need to start working your way through these resources:
http://codex.ww.wp.xz.cn/FAQ_My_site_was_hacked
http://ww.wp.xz.cn/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

Anything less will probably result in the hacker walking straight back into your site again.

Additional Resources:
Hardening WordPress
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

RobinInTexas
(@robinintexas)

13 years, 1 month ago

↑ ↑ ↑ ↑ ↑ That also 🙂

Try installing Wordfence it can scan all the files looking for changed code. http://ww.wp.xz.cn/extend/plugins/wordfence/

After installing you need to configure the options to add scans of plugins and themes to the default scan.

Thread Starter mjiantor
(@mjiantor)

13 years, 1 month ago

Thanks, I suppose I’ll get to work on that big pile of links.

badbrush28
(@badbrush28)

12 years, 3 months ago

our wordpress was hacked and we reinstalled with the newest version. Our site is hosted at Network Solutions and they we need to delete all wordpress files first, then reinstall. I have a list of some of the suspect files, would I be able to go thru and remove all / any of those suspect files, or would it be better to just get rid of everything except my clients content files, and reinstall ?

Also, how can I be sure not to delete the clients content files as I do this ?

esmi
(@esmi)

12 years, 3 months ago

@badbrush28: If you require assistance then, as per the Forum Welcome, please post your own topic.

This 9 month old topic references an old version of WordPress.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘functions,php files hacked’ is closed to new replies.

functions,php files hacked

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics