Site hacked with Untitled posts

  • I think our site has been hacked, since a couple of times a day posts titled “Untitled_9” or “Untitled_10” show up on the site. They do not have correct IDs and dates in the database, and they look to be created by users who were not logged into the site that day. We keep deleting them and have done a lot to try to stop them, but they keep coming back.

    I’m worried that this is the first step in a hack and this business site could go down and effect my client. Anyone else see this?

Viewing 9 replies - 1 through 9 (of 9 total)

  • Do you have anything to stop hacking on your site? There are various systems you can buy at reasonable cost.

    If you are interested in some, please let me know…

    I have a couple in mind that seem very effective.

    Best Wishes

    Andy Moore

    Thread Starter WP Monkey

    (@scdesmond)

    I found the following in our .htaccess file:

    AuthName "<sitename>"
    AuthUserFile "/home3/timbero8/.htpasswds/public_html/<sitename>/passwd"

    For this forum I replaced our actual sitename with <sitename>.

    I deleted these lines but also noticed that this code was repeated twice in the .htaccess file as well:

    # BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

    Should I delete the second one as well?

    Thread Starter WP Monkey

    (@scdesmond)

    Has anyone else seen this? I have 2 sites where this is happening, at least once a day an Untitled post is being created, and not by a live person. I have firewalls and file monitors in place, plus a number of other safety precautions… but they are still there.

    Which sites?

    TylerPEI

    (@tylerpei)

    Hello,

    I am having the same issue. I have check file permissions and my htaccess file and everything seems fine.

    Once a day, I have one of my admin level users post a untitled draft post that is blank. He did not do this and I have changed his password to the site.

    Please let me know if you solved this, it is a business site as well and I do not want it to be hacked.

    TylerPEI

    (@tylerpei)

    Hello,

    I am having the same issue. I have check file permissions and my htaccess file and everything seems fine.

    Once a day, I have one of my admin level users post a untitled draft post that is blank. He did not do this and I have changed his password to the site.

    Please let me know if you solved this, it is a business site as well and I do not want it to be hacked.

    TylerPEI

    (@tylerpei)

    asappm.com

    Thread Starter WP Monkey

    (@scdesmond)

    Look very carefully at what other processes are firing off at the same time as the Untitled posts are being created.

    I found that it was coming from a form we had created using Gravity Forms and a post field had mistakenly been added to the form. Post fields mean that posts will be create when the form is submitted. User error, whoops.

    TylerPEI

    (@tylerpei)

    I was thinking it was something along the same lines but do you know how I can check where the post comes from or what fires off at the same time?

    I been removing plugins and anything I can think of … I been trying so many things with the website that I am not sure what it is.

    I also use Gravity Forms but not to post.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Site hacked with Untitled posts’ is closed to new replies.