My Wordpress blog hacked for the second time

M

Myler

the horror.
Apr 25, 2009
531
6
0
G16
I have a little WP blog running on Hostgator, nothing serious, just some personal sports stuff I have on there.

Few days I go I coulnd't access my site, or my WP admin page. So I contacted Hostgator support and they told me my site was infected with "iframe".

It got cleaned up, running, everything normal. I cleaned my PC with latest version of Malwarebyte's and Combofix. Changed the passwords.

Then I put AVG on my PC to keep it safe.


Now I went to edit something on my blog and I get the similar error.

Code: 
Warning: Unexpected character in input: ''' (ASCII=39) state=1 in /home/dnko051/public_html/index.php on line 17

Parse error: syntax error, unexpected '.' in /home/dnko051/public_html/index.php on line 17

I can't access the site, I can't access the admin page, and I can't connect to FTP with Filezilla, I don't know why's that happening.

Hostgator support told me that they've attempted to restore it already, but once it completed it was apparent that the site was hacked and then their backups ran.
:confused:

How can I prevent this from happening? I mean, the blog isn't vital to me or anything like that, but it's annoying, I paid for the site to be up not down.

I don't go to those 3X or warez sites really, so I really don't know where do those virus' find me.

It seems AVG isn't enough. Any ideas how to keep the blog clean?
 


I'm guessing your usename and password is 'admin' and 'password' and you don't use ssh/secure FTP when you log in to your host

Basically at this point you need to copy the text from your blog into note pad or whatever and completely rebuild wordpress with a fresh install/new database. Have your host reset your FTP password as whomever compromised your system has probably changed it to keep you out.

Also security on your local machine doesn't prevent someone from hacking your website.
 
LotsOfZeros said:
Why does every "I got hacked" post have Hostgator in the text somewhere?
Click to expand...

Because people do stupid shit on shared servers that affect other users. Plus shared hosts are really easy to attack all sites on that IP. Find one with a vulnerablity and ohhh goodie -- a lot more on same server.
 
No my password is pretty complicated to be exact.


Are these hacks happening because my PC is badly protected or not protected enough or because Hostgator is slacking?


And one more thing, whats the best way to completely backup Wordpress blog?
 
You're probably running cpanel so log in and click this:
f2uff7.png


The rest is self explanatory.
 
unless you have a keylogger on your computer.

no one is going through your pc to your blog.


like i said keep wp updated. never hosted at hg and don't plan to.
i use phatservers, eyow, and asmallorange
 
About that iFrame exploit - how to get rid of it?


I cleaned up my PC with Malware few days ago, I did the full (4 hour) scan with AVG today, nothing found but still


Any more efficient program out there? Or a specific patch to fix the iFrame issue?


It's really annoying. It didn't ruin any of my blog - it just edited few php files in a way that it deleted half of them, so when I replaced those few files with the original ones from my PC, blog was up and running no problem.


The thing is I would like to prevent it from happening.
 
they laughed at me when I said hostgator was shite, and stiffed their affiliates.

not laughing now, are ya???
 
Refrozen said:
I'm betting your wp-config.php is chmodded 0777 and there's a web shell like c77 somewhere else on your server.
Click to expand...

My wp-config is 755 now. Should I change it?

I don't know what do you mean by "web shell like c77" ?





PS I changed my FTP pass.
 
You must log in or register to reply here.
Top Bottom