athletics

Second hacking in one day

athletics

Hi, my website was hacked twice in one day. I'm sorry to say but it seems that my iBlogPro theme is the door for the hacker. My solution for the moment is to re-upload an iBlogPro theme directory and reactivate it, and the blog seems to be OK. Any ideas are welcome... Thanks!

Simon

I find it hard to believe, what makes you think the theme is a security risk?

Simon

No PageLines themes use TimThumb

athletics

The point is: I solve my issue by uploading iBlogPro in a new directory in wp-themes, going to my WordPress administration and activating the new theme, and the issue is solved! My question is why?

Simon

Your FTP password is compromised? Or a plugin? Or another theme? Or your hosting password? Could be anything. Without logs we cannot tell.

athletics

Apparently the plugin w^-databas-backup is insecure, so I deactivated it. I'll see. I have changed my FTP pass and hosting pass. iBlogPro is my only theme!

athletics

I've a message from my hosting:

I have checked your website and can't see that is hacked, also I have checked your account on the suspicious files, and found the following:

/home/xxx/public_html/.htaccess: Suspicious(RewriteRule): RewriteRule ^index.p
/home/xxx/public_html/wp-admin/includes/class-wp-filesystem-ssh2.php: Suspicious(phpinfo): phpinfo() streams
/home/xxx/public_html/wp-includes/Text/Diff/Engine/shell.php: Suspicious(shell_exec): ogram via shell_exec to comput
/home/xxx/public_html/wp-includes/js/tinymce/plugins/spellchecker/classes/PSpellShell.php: Suspicious(shell_exec): $data = shell_exec($cmd);
/home/xxx/public_html/wp-content/themes/iblogpro/sidebar.php: Suspicious(base64_decode): gzinflate(base64_decode('AWF+noF4

Do you understand? Thanks

Simon

If it is insecure, DELETE it; if it is only disabled, hackers can still load the PHP files. Delete any plugins or themes you do not use. So many people try like 50 plugins and leave 30 or so disabled to go out of date.

Simon

I'd say delete ALL files, and re-upload a fresh WordPress and fresh theme.

Simon

Hang on lol, the sidebar should not contain any base64.

These are all normal WordPress files:

RewriteRule ^index.php
class-wp-filesystem-ssh2.php
Text/Diff/Engine/shell.php
wp-includes/js/tinymce/plugins/spellchecker/classes/PSpellShell.php

athletics

So what should I do with the sidebar?

Simon

Delete everything, re-upload new WP and theme.
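
An added example, not written by anyone in this thread: a small Python scanner that separates the two kinds of hit in the host's scan output quoted above, flagging a decoder chain such as gzinflate(base64_decode( while ignoring a bare shell_exec call. The regexes, function names and both sample files are assumptions constructed for the illustration.

```python
import re
import tempfile
from pathlib import Path

DECODERS = r"(?:base64_decode|gzinflate|gzuncompress|str_rot13)"
# A decoder fed straight into eval/assert or another decoder, the shape the
# host's scanner quoted from sidebar.php: gzinflate(base64_decode('...
NESTED = re.compile(rf"\b(?:eval|assert|{DECODERS})\s*\(\s*{DECODERS}\s*\(", re.I)
# A decoder called on a long base64-looking string literal.
BLOB = re.compile(rf"\b{DECODERS}\s*\(\s*['\"][A-Za-z0-9+/=]{{40,}}", re.I)


def score_php(source: str) -> list[str]:
    """Return the obfuscation indicators present in one PHP source string."""
    reasons = []
    if NESTED.search(source):
        reasons.append("nested-decoder")
    if BLOB.search(source):
        reasons.append("encoded-blob")
    return reasons


def scan_tree(root) -> dict[str, list[str]]:
    """Map each flagged .php file under root (relative path) to its indicators."""
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*.php")):
        reasons = score_php(path.read_text(errors="replace"))
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings


def demo() -> dict[str, list[str]]:
    """Scan two constructed files: an obfuscated sidebar and a plain shell_exec call."""
    blob = "QUJD" * 12  # constructed, harmless base64 text ("ABC" repeated)
    samples = {
        "themes/example/sidebar.php": f"<?php eval(gzinflate(base64_decode('{blob}'))); ?>",
        "includes/PSpellShell.php": "<?php $data = shell_exec($cmd); ?>",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True)
            target.write_text(body)
        return scan_tree(tmp)


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, reasons)
```

A file that comes back clean here has only passed a pattern check; comparing core and theme files against fresh copies from the original download remains the stronger test.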
