2.9.2 site hacked

My blogs hosted on godaddy were hacked today (6/8 at 2:24pm) with the base 64 code. I am new to the world of websites, but found this forum and particularly drcopy’s post from 3 weeks ago very helpful.

My dashboards were showing up as pure text and wouldn’t let me edit or add any new pages or adjust the content. Then I found the extra text in php files and saw they had all been changed this afternoon.

For any other newbies like myself, I used drcopy’s advice:
“But since I am with GoDaddy, I use their “history” feature in the file manager. When I see that my sites are infected, I delete every PHP file in the root directory and delete ALL WP folders. Then I go back a day with the history feature and restore all these files. This takes just a few minutes. Done. Problem solved…until the next hack. “

Google ” godaddy restoring a linux hosting account” if you don’t know how to do the above- I didn’t. Then the only thing I was temporarily confused about was if you restore the files, godaddy will make you change the file names to include “restore” before you can finish the process. So then you’ve got to select them all and hit “rename” up in the tool bar and go back and take all those ‘restore’ additions out so they have their original names. At least, that’s the way I did it, and it worked. If there’s a way with less steps, maybe someone will let us know!

I got it again with WP 3.0. I’m on Dreamhost and not sure what to do to prevent this. Sure, the fix seems to work, but I have pushing out these hacks to site visitors and I would like to resolve this once and for all.

I have changed all my hosting passwords as well as my WP administrative passwords and they are extremely secure.

Hi Everyone,

My WordPress blog – which lives at https://christian.herwitz.com – is all kinds of messed up. If you navigate to the site, you’ll see that it launches a bogus Windows-esque malware scan (https://www1.glory4.co.cc/?p=p52dcWplanKHjsbIo22AgXOOipnVbWGWZInT1m6uqG2Lw8ydb5aYh5mamavKU9janW2QZWVslmSUaGGeZYnX15Krp6mikomqb1qtnaygnXaHk83Slm1Tqpud22qImaCjXpqYkWJwYGiWj5Rpa1qrmZ5xoK3VnZ6VYJOVppur2JbDnl7OktXbzKWxYJnUzpJfpqd2ZWprb3CXZJqaaVahp2R1lV%2BZZ2ecZJmYm1ealXO6tImwm5h2bWto), trying to get you to download executables. Google Webmaster Tools isn’t picking up whatever’s doing this, so does anyone here have any suggestions?

My site’s on Bluehost, with WP 3.0, and the sucuri.net fix doesn’t seem to work.

Thank you for your help!

–Christian

All my WP sites at HostMonster got hacked 3 days back !
I have sun the sucuri script and alls well but whats the permanent solution ? Is it being discussed in any other thread here ?

nims: I don’t think there is anything you can do, since those are mass attacks against hosting companies.

It looks like Godaddy fixed their servers, since no one else got hacked there. However, Bluehost and dreamhost keep getting hacked. The last one was from whereis dudescars .com:

https://blog.sucuri.net/2010/07/yet-another-series-of-attacks-this-time-using-whereisdudescars-com.html

yes i am on dreamhost and sites hacked again. the two other hosts i have are fine.

am going to solve this problem by moving my sites and cancelling my hosting with dh.

when i ask for help dh says it’s a wordpress issue. and wordpress forums say it’s a host issue. becoming a sad joke.

danjenkins: try this host there very reliable easy to use and can help if your site is hacked again

https://ismywebsite.com