Hacked?

  • kopperdrake

    (@kopperdrake)


    15 years, 10 months ago

    I host three blogs on MediaTemple’s GS servers and had all three hacked by the JohnnyA hack about three weeks ago. After clean installs I thought all was fine, but the site at http://www.barrowupontrentparish.co.uk seems to have been hacked again. On first loading the page you get a small 1px x 1px iframe at the top of the page and an attemped redirect which Avast put a stop to. I assume I’v been hacked but how come so quickly!? Is it via the database, or ftp, or what?! Any guidance on how I can stop this and what I should do to get rid of this one would be gratefully received…I can’t face another complete reinstall. I run this blog as a favour to the village and it’s beginning to soak up so much time.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Jason

    (@jasonnts)

    15 years, 10 months ago

    Have you requested the FTP logs from you hosting provider to confirm the IP addresses that are logging in.

    Do you have an older version of WP?

    Do you have any other web applications that might be allowing a compromise of some kind?

    Mark Ratledge

    (@songdogtech)

    15 years, 10 months ago

    I can’t tell what WP version you’re using. But see FAQ: My site was hacked « WordPress Codex and How to completely clean your hacked wordpress installation and How to find a backdoor in a hacked WordPress.

    Thread Starter kopperdrake

    (@kopperdrake)

    15 years, 10 months ago

    Thanks for the reply guys – it’s version 3.0, just updated to 3.01 after I’d seen the issue and it *seems* to have gone for now. I’ll have a look at the IP logs – not sure what I can do if I find an IP address other than mine though?

    As far as I know I have no other web apps that might be allowing another way in. I use CoreFTP Lite and SiteVault to back up my site. I have to admit I do wonder how trustworthy some of this s/w is though. I love SiteVault but it would be great if someone could make a piece of software like it specifically for WP.

    I’ll have a look at those articles as well songdogtech – I think I’v read the first, but the last one is something I really need to make the time to sit down and read through.

    Jason…Newtek as in LightWave Newtek?

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Hacked?’ is closed to new replies.

Tags