Title: Hacking Last modified: August 19, 2016 --- # Hacking * [themaclady](https://wordpress.org/support/users/themaclady/) * (@themaclady) * [16 years, 4 months ago](https://wordpress.org/support/topic/hacking-1/) * My posts show up in my Google alerts. I watch them carefully for this very reason. * I know I have been hacked when I see the post with a bunch of spam keywords in it. * I am having this problem only with blogs on a certain server by the way. * Anyway, I have trouble-shot these before: finding these words in one of the template pages, a bogus user, and even one bogus user in the MySQL panel which I miraculously was able to delete using the My PHP Admin that is provided with my server. * This time I cannot find where the words are located or the source, the blog isn’t slow, and when you click the link it goes to the post just fine. * Where to begin? * Is there something inside the backedup DB file that keeps coming up even though I updated the WP version? * HELP. Viewing 15 replies - 1 through 15 (of 18 total) 1 [2](https://wordpress.org/support/topic/hacking-1/page/2/?output_format=md) [→](https://wordpress.org/support/topic/hacking-1/page/2/?output_format=md) * [alism](https://wordpress.org/support/users/alism/) * (@alism) * [16 years, 4 months ago](https://wordpress.org/support/topic/hacking-1/#post-1355433) * Have a read of these to get you started: [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked) [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/) * Thread Starter [themaclady](https://wordpress.org/support/users/themaclady/) * (@themaclady) * [16 years, 4 months ago](https://wordpress.org/support/topic/hacking-1/#post-1355443) * I’ve read those, but they don’t make sense because I can’t find the code. * I deleted a file they mentioned and it erased my ability to log in! * So I had to reupload the DB and start over.. thank God I had it backed up. * The smackdown link is too confusing… and usually I can find the malicious code… any hint on what file it might be in? * I just fixed about 10 of these a while back.. sigh. * Thread Starter [themaclady](https://wordpress.org/support/users/themaclady/) * (@themaclady) * [16 years, 4 months ago](https://wordpress.org/support/topic/hacking-1/#post-1355446) * This is what came up for the text in my Google alert: * Doxycycline Horny Goat Weed Where To Get Lipitor RX Price For Lasix Canada Amoxil Testimonials Toprol XL Discount Avapro Cheapest Pills Where To Get Nizoral Effects Female Viagra Buy Nizoral Hartford Phentrimine NoRX Generic Accutane Health Forum Natural Cytotec Italy. * The rest worked fine and I saw none of that in the actual post.. * So I’m stumped! * I am not clear on how to use the MyPHP Admin to find where the bogus user has made it so this gets into the posts. * Funny thing is, I just searched on Google and their entry is fine. (I just reposted it) * Maybe I did remove the bogus user and don’t know it? * Even when I click on the bogus Google alert I did not see anything wrong. * Thread Starter [themaclady](https://wordpress.org/support/users/themaclady/) * (@themaclady) * [16 years, 4 months ago](https://wordpress.org/support/topic/hacking-1/#post-1355447) * In fact if you search on Google now, you will come up with my site with other posts that have that in it! DAMN! * [alism](https://wordpress.org/support/users/alism/) * (@alism) * [16 years, 4 months ago](https://wordpress.org/support/topic/hacking-1/#post-1355448) * Could be in your theme, plugins, database, core files, might be something dodgy in your htaccess… * 10? How come you’re getting hacked so much? * Thread Starter [themaclady](https://wordpress.org/support/users/themaclady/) * (@themaclady) * [16 years, 4 months ago](https://wordpress.org/support/topic/hacking-1/#post-1355449) * I ran a query (I think) to look for those words and it said this, but WHERE IS LINE 1????? * #1064 – You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘Doxycycline Horny Goat Weed Where To Get Lipitor RX Price For Lasix Canada Amoxi’ at line 1 * Thread Starter [themaclady](https://wordpress.org/support/users/themaclady/) * (@themaclady) * [16 years, 4 months ago](https://wordpress.org/support/topic/hacking-1/#post-1355450) * I think they are doing it through the server, not WP itself. * Anyway, how do I find Line 1? * [alism](https://wordpress.org/support/users/alism/) * (@alism) * [16 years, 4 months ago](https://wordpress.org/support/topic/hacking-1/#post-1355451) * Those specific words might not necessarily appear in the code on your site, but you may have some malicious code pulling spam in from an external site that’s generating those words. * Thread Starter [themaclady](https://wordpress.org/support/users/themaclady/) * (@themaclady) * [16 years, 4 months ago](https://wordpress.org/support/topic/hacking-1/#post-1355454) * So how do I find that? * I searched and it has the words in a post with the name of the blog which tells me it’s in a header somewhere…. * So how do I fix it? * If you search you’ll see a post come up News and Views.. but no post, that’s the name of the blog… does that give you a hint as to where this is being pulled? * It only leads back to the blog, so I can’t see the purpose for the words. * Thread Starter [themaclady](https://wordpress.org/support/users/themaclady/) * (@themaclady) * [16 years, 4 months ago](https://wordpress.org/support/topic/hacking-1/#post-1355456) * OK I just made a new post and it’s on Google and say 4 mins ago, and it’s still putting in the words. I can’t for the life of me understand the purpose this hack as it goes NOWHERE. * [alism](https://wordpress.org/support/users/alism/) * (@alism) * [16 years, 4 months ago](https://wordpress.org/support/topic/hacking-1/#post-1355457) * You’ve not actually mentioned your URL, so I can’t search for it. * *Delete* all the core WordPress files and re-upload them with fresh copies from a new download of 2.9.1 (just follow the [manual upgrade](http://codex.wordpress.org/Upgrading_WordPress) instructions). * *Delete* and re-upload all your plugins. * Ideally you’d do the same with your theme (or restore from a known good backup). * Delete your .htaccess and re-save your Permalinks (if you have them) – forcing WordPress to generate a new .htaccess. Be careful not to lose any customisations you might’ve done yourself. * Then read the Smackdown link above regarding your database. You might want to try things like [Exploit Scanner](http://wordpress.org/extend/plugins/exploit-scanner/) too. * Getting hacked sucks I’m afraid. There aren’t really many shortcuts and it may require a lot of elbow grease on your part. * That said, have a look through your theme or plugin files first though. They’re quite popular targets as malicious code will survive even after you delete and re-upload the core WordPress files and well, people don’t change their theme or plugins that often. * Night. * Thread Starter [themaclady](https://wordpress.org/support/users/themaclady/) * (@themaclady) * [16 years, 4 months ago](https://wordpress.org/support/topic/hacking-1/#post-1355458) * I don’t use plugins, at all. * I”ve looked through every file, don’t see any users. * The only hint is I think the permalinks were reset to numbers and I fixed that.. but there is no code in there. * Thread Starter [themaclady](https://wordpress.org/support/users/themaclady/) * (@themaclady) * [16 years, 4 months ago](https://wordpress.org/support/topic/hacking-1/#post-1355459) * I can send you the URL by PM, don’t want to post it here… * [@mercime](https://wordpress.org/support/users/mercime/) * (@mercime) * [16 years, 4 months ago](https://wordpress.org/support/topic/hacking-1/#post-1355463) * Check this out also – [http://ocaoimh.ie/did-your-wordpress-site-get-hacked/](http://ocaoimh.ie/did-your-wordpress-site-get-hacked/) Plus, found a solution to a friend’s WP site upgraded to 2.9.1 but had a leftover hack. This old youtube video shows the solution – [http://www.youtube.com/watch?gl=IT&hl=it&v=Obqa6jDV-WQ](http://www.youtube.com/watch?gl=IT&hl=it&v=Obqa6jDV-WQ) * Thread Starter [themaclady](https://wordpress.org/support/users/themaclady/) * (@themaclady) * [16 years, 4 months ago](https://wordpress.org/support/topic/hacking-1/#post-1355465) * I read that site and he assumes you know how to mess with the MyPhpAdmin which I DON’T . I obliterated my ability to get back into one of mine after deleting a wrong file… sorry. * But I just did upgrade, the extra two users magically showed up in the user panel, I deleted them and saw why I had a red X in the MyPhpAdmin and now see what it‘ s supposed to look like. * Posts are now coming up clean. * I change the PW to my user, my cpanel, but how to change it on the DB without screwing up the works???? If I change it in the config file, isn’t there someplace I have to change it in the MyPhpAdmin????? Viewing 15 replies - 1 through 15 (of 18 total) 1 [2](https://wordpress.org/support/topic/hacking-1/page/2/?output_format=md) [→](https://wordpress.org/support/topic/hacking-1/page/2/?output_format=md) The topic ‘Hacking’ is closed to new replies. * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 18 replies * 3 participants * Last reply from: [themaclady](https://wordpress.org/support/users/themaclady/) * Last activity: [16 years, 4 months ago](https://wordpress.org/support/topic/hacking-1/page/2/#post-1355645) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics