Clean 2.8.4 Hacked :(

Ugh, I don’t know why I even waste time posting here.

What did your web host say? Are you on shared hosting? Are you still getting redirects will all of your plugins disabled?

Looks like you’ve done it right already. Can you share the URL? Other people confirming the behavior would at least confirm if it’s your blog or Mac.

If your files, database, and .htaccess are all good then it’s possible the web server itself was compromised. If that’s the case, your hosting company would need to fix it.

She’s not going to get redirects from her local machine.

Tell your host and find out what they’re doing for shared hosting clients. Sounds like their problem.

WordPress hacked FAQ

How to clean your hacked wordpress install.

Dodgy iframes still in the database?

Thanks guys! I’m glad I got desperate enough to come check back here!

URL: https://www.goashleygo.com

My host said that they looked through everything and my account “seems to be functioning normally.” I’m on shared hosting, I guess? I doubt that my $5/mo account is dedicated.

Just did a search of my DB for “iframe” and got nothing.

Today it seems to be happening when I hit the log in link in my footer, as well as randomly when I update an existing post or publish a new one.

Tried the Exploit Scanner plugin, but most of what it brought up was either marked “could be legitimate” (so how do I know what’s not kosher?) or was in the Exploit Scanner itself (which is to be expected).

I’ve checked all of my index.php files in WordPress. They all look as they should. I’ve looked through the source of my site home page and the add new post page. Nothing out of the ordinary there, but both have so many js things going on that there could very well be something there that I just don’t know enough to see.

Is my last resort to use something like Winmerge and compare known clean files to ALL of the WordPress files on my server? Because that would really suck.

??

ETA: just disabled/reactivated my few pluigns one by one, clicking around my site a bit in between each. It’s hard to tell if that did anything though, since the redirection seems to happen at random anyway.

Did you use the same name and password as before? Did you create a new .htaccess file?

What’s the URL so we all can at least see what shows up on this site?

Hope we can help.

Nope, changed all the passwords (used auto generated ones) and even changed the DB name and user name. Everything was created fresh and a clean 2.8.4 was installed.

URL in my above post ??

Do you get the same problem if you use a different PC/Mac to access the site?

Yep, happens on my PC desktop as well. I guess I should mention that we have found the koobface worm and some other random trojan on that thing, even though we use AVG and I don’t click on the warning windows (I just do the 3 finger salute to close out the browser). My husband takes care of that sort of thing. I’m a virus magnet, hence having bought myself the ibook.

For a while I thought it was just that computer doing it, but am still being redirected here on my ibook using Opera as well, so assuming it’s still something to do with my installation of WordPress >.<;;

Hmmm. I’ve got a funny feeling that Koobface screws with the DNS.

I’d try it from a different network (ie one that hasn’t got viruses and spyware on it!!).

so, take my laptop to someone else’s house and use their internet? How do we fix ours?

Try a different PC/Mac, on a different (hopefully clean) network. You ideally want to narrow it down to your two computers if possible.

can my husband try from his PC laptop here at our house on our wireless? Our Wii and xbox 360 also use our wireless…can this crap hurt those too?!

ETA: and so it should be safe to allow others to visit my site then?

You can try it… but whether it’ll prove anything if you get still get redirected is a different matter. Might still be your website after all, but just trying to help eliminate possibilities for you – divide and conquer! I’m sure others will chime in if they’ve got any other genius ideas. There’s plenty of people reading this forum that are way more qualified to talk about this type of thing than me.

I would suggest you make it a priority to clean up your known bad PC though. Having data stealing software on a PC is never a good. I’m sometimes amazed at how blase some people seem to be about that sort of thing (funnily enough, that usually only lasts until their bank account is suddenly empty and there’s a load of items they don’t remember buying on their credit card!)

G’night!