OnMyWordPress; 6th WordPress Hacked via iframe
Lately I receive a lot of messages from my virusscanner about websites which I should not trust……
At that point I am able to decide “not to open those sites”….. and sometimes I even send the administrators of the sites a little warning about this.
BUT; this week I had the same warning ON ONE OF MY OWN BLOGS !!!
Yes – I did get the warning that MY ONW SITE had “a virus on it” – malware connected to iframe…
I really had no idea about “what happened”…. but it was a sure thing = it was not safe to go to my website…..!
BUT; that blog is getting (on some days) more than 400 unique visitors a day…. so I needed to get it fixed right away !!
Lucky me; I was a bit prepared – as I am running that same site on my local server for random tests….
The tip of todays “OnMyWordPress”…. is not going to be “how to make sure your WordPress site is not getting hacked” = I will try to explain “how to fix it” after the hack has happened.
And why the fix instead of protecting..??
The protection is not going to give you a 100% guarantee – just like you protect your house – preventing to get it on fire… = BUT you also need to know what you should do once a fire started !!
My tip would be;
Once your site is running; take a back up of the whole WordPress installment to your own computer; maybe via the FTP client program (see this post).
At the moment your site is hacked (to receive this warning – you do need a good virusscanner like Avast) – you should replace the infected files.
Via your FTP client program – you can check all the WordPress files and you will discover all kinds of WordPress files which have another date than most of the others….
For example; index.php // wp-config.php // wp-settings.php will have different (closer) dates than the rest of files…
Pls remember that date… !! And go through to all the files of your WordPress installation – and you should replace all the “strange” dated files with the once you kept as a back up on your local computer….
At least; this is how I did repair my site……!!
To be sure with the files AND maybe you would like to see what has been changed within the php files; you can open “the infected ones” in Notepad ++ and compare them with the ones you have saved on your computer; most cases – the first line (right after <php – has been changed.
Again; BACK UP is very important !!
Good luck UNhacking… !!
====================
Series of OnMyWordPress;
- ThemeHybrid (theme)
- Admin Favicon (plugin)
- AdSense Manager (plugin)
- Akismet (plugin)
- Future Posts Calendar (plugin)
- WordPress hacked via iframe (tip)
cuzin ni ni ddenz?
Sorry ciL – I have no idea what you are trying to say…..
(btw – do like your site !)
[...] Last time I told you about “one of my sites being hacked”…. In that article I also told you how I was able to make this “iframe hack” disappear. [...]
Like real life viruses, they can always develop and mutate making protection non effective sometimes, this is a top blog for fighting the battle against viruses on websites.
You can also check your website at http://novirusthanks.org to check for malicious iframe.I had the same problem which i solved easily.
It is very difficult to see our site is being hacked or being attacked. good to hear that you solved your problem immediately. and i like yor site..
Hi,
Thank you for posting this info. It did help us solve our issues….but it also lead us to a more direct way of solving this hack.
When we looked at our dates, we notices that .htaccess file was duplicated and also had the same date as the other hacked files. Fixes the .htaccess file or even just reverting the original .htacess file fixes the whole business of the redirect.