Recovering from a hacked WordPress blog

by webbythoughts on April 13, 2009

My wife’s WordPress blog was hacked a while back. I had been lazy and not upgraded in a while. It took me a while to even notice that it had been hacked because everything seemed to be working fine.

I noticed a strange file the other day when I was backing up her files before doing the long overdue upgrade. It looked mean when I opened it so I did some Googling and sure enough, she had been hacked.


You can test to see if you are hacked by adding /wp-content/themes/remv.php to your normal URL. For example, testing this site you would look for http://www.webbythoughts.com/wp-content/themes/remv.php. If you get some kind of 404 error or something indicating that it couldn’t find the file, you are probably okay. If you get an Access Denied error, you have problems.

Another way to check would be to open up your FTP program and look in the wp-content/themes directory of your install and see if a remv.php file exists. If so, you need to take corrective action.
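The two checks above, written as a script you can run over a local copy of the install (for example, one downloaded over FTP). This is an added example, not code from the original post or from the linked tutorial. The status-code verdict labels, the handling of statuses other than 404 and Access Denied, and the `eval(base64_decode(` pattern (a guess at the "eval base 64 code" mentioned in the comments below) are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Marker file named in the post, relative to the WordPress root.
MARKER = Path("wp-content/themes/remv.php")
# Assumption: the injected code looks like eval(base64_decode(...)).
EVAL_B64 = re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)


def probe_verdict(status):
    """Interpret the HTTP status returned for /wp-content/themes/remv.php."""
    # 404: not found (probably okay); 403: Access Denied (the file exists).
    # Assumption: any other status is outside what the post covers.
    return {404: "probably okay", 403: "compromised"}.get(status, "inspect manually")


def scan_install(root):
    """Return findings for a WordPress tree on local disk."""
    root = Path(root)
    findings = []
    if (root / MARKER).is_file():
        findings.append(("marker-file", MARKER.as_posix()))
    for php in sorted(root.rglob("*.php")):
        try:
            data = php.read_bytes()
        except OSError:
            continue  # unreadable file: skip it rather than abort the scan
        if EVAL_B64.search(data):
            findings.append(("eval-base64", php.relative_to(root).as_posix()))
    return findings


def build_sample(root):
    """Constructed sample tree: a marker file, an injected index.php, a clean footer."""
    root = Path(root)
    (root / "wp-content/themes/default").mkdir(parents=True)
    (root / MARKER).write_text("<?php /* constructed placeholder */ ?>")
    (root / "index.php").write_text("<?php eval( base64_decode('AAAA')); ?>")
    (root / "wp-content/themes/default/footer.php").write_text("<?php wp_footer(); ?>")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, path in scan_install(build_sample(tmp)):
            print(kind, path)
```

A pattern match is a lead for manual review of that file, not proof on its own; the marker file is the indicator the post itself describes.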

There are already tutorials out there that will walk you through what to do. I recommend Jason Cosper’s remv.php fix tutorial. It worked perfectly for me.

It looked like a lot of work when I first read the tutorial, but it only ended up taking about 5-10 minutes longer than a normal WordPress upgrade would take. And if you are running an older version of WordPress, you should really get yourself upgraded anyway.

If you don’t want to deal with it and just want to hire somebody to fix it, feel free to send me an email and I can fix it for you.



{ 7 comments }

NH April 13, 2009 at 9:22 pm

Make sure you check your footer and wordpress/index.php file for the malicious ‘eval base 64 code’ – that is where I found it on my website.

Hackers can’t even spell!

webbythoughts April 13, 2009 at 9:33 pm

NH. That sounds like another fun attack.

I think that if you do the steps in the post I linked to, you will be installing a new (upgraded) version of WordPress which will include a new index.php file directly from WordPress which should take care of any code injection problems you might have picked up along the way. If you have that kind of a problem, you might be better off deleting (after backing up, of course) all of the files on your install and uploading a fresh WP and then just copy back any image directories, plugins, custom themes etc. that you use.

John @ Wollongong Web Design April 14, 2009 at 8:42 am

Thanks for the info on this and for offering to help out others with this same kind of problem.
Keep up the good work!

——————————–

http://www.jsws.com.au/web-design

GreenLt April 20, 2009 at 9:08 am

Thanks for the info but when you say you hadn’t upgraded in a while, how far behind was it in versions? I upgrade WordPress when time permits but I am guilty of ignoring the upgrade alert at the top of the page because it means upgrading my wife’s blog, my sister’s blog, and a friend’s blog as well.

Current fav:
http://www.moobag.com

webbythoughts April 20, 2009 at 10:47 am

GreenLt, I can’t remember which exactly, but somewhere in the 2.6.X versions.

GreenLt April 20, 2009 at 10:58 am

Uh-oh. Looks like I’ve got some work to do tonight. ;-)

Thanks webbythoughts.

Current fav:
http://www.moobag.com

Amit November 25, 2009 at 5:46 am

I am happy that I visited very nice blog. All the best and thanks for the info.
