The Church Media Community

General Website Design Talk about websites, streaming and more in this forum.

  #1 (permalink)  
Old Wednesday, June 13th, 2012, 02:11 PM
New Church Media Member

 
 Join Date: Feb 2008 
 Last Online: Tuesday, April 9th, 2013 
I hope that someone can shed some light on this. Let me first say that I am not the person that maintains the site, but I have some knowledge of it. Our church websites (www.empoweredministries.net and www.empoweredministrieschurch.org) seem to have been tampered with somehow. If you go directly from the web browser address bar, there is no problem that I have seen with either of them, but if you go through a search engine, you either get redirected or there is a window that pops up and says that there is malware attempting to attack your computer and you should click here to fix it. Of course the warning is actually the malware trying to get you to invite it in.

Attached are a couple of screenshots. Have any of you seen this kind of problem before and what can be done?

Thanks,

Lynn
Attached Images
File Type: jpg EMC_net from Yahoo.jpg‎ (291.1 KB, 12 views)
File Type: jpg EMC_org from Yahoo.jpg‎ (411.9 KB, 12 views)
  #2 (permalink)  
Old Wednesday, June 13th, 2012, 06:38 PM
LeAnn B's Avatar
Queen of Trial and Error

 
 Join Date: Aug 2005 
 Last Online: Thursday, April 18th, 2013 
Ya, I get a 'Reported Attack Page' when I try to view it through a search engine. Works fine if I input the address though. By the way, nice template; I also used it on a site I did a while back.
__________________
First Baptist Church Glencoe, OK
www.glencoefbc.com
  #3 (permalink)  
Old Wednesday, June 13th, 2012, 08:15 PM
New Church Media Member

 
 Join Date: Feb 2008 
 Last Online: Tuesday, April 9th, 2013 
Yea, weird huh?
  #4 (permalink)  
Old Thursday, June 14th, 2012, 12:01 PM
LeAnn B's Avatar
Queen of Trial and Error

 
 Join Date: Aug 2005 
 Last Online: Thursday, April 18th, 2013 
I had that happen once and from what I understand, the 'hacker' inserts some PHP code that isn't supposed to be there. I tried tracking it down when it happened to me but couldn't find it, so I ended up having to re-build the site. Not fun!
__________________
First Baptist Church Glencoe, OK
www.glencoefbc.com
  #5 (permalink)  
Old Thursday, June 14th, 2012, 02:56 PM
New Church Media Member

 
 Join Date: Feb 2008 
 Last Online: Tuesday, April 9th, 2013 
I was afraid that would be the case. I'll never understand how a person can be so intelligent that they can manipulate code pretty much any way they want to but so petty that they use it in such stupid ways such as this.
  #6 (permalink)  
Old Thursday, June 14th, 2012, 04:18 PM
New Church Media Member

 
 Join Date: Apr 2012 
 Last Online: Monday, December 31st, 2012 
Restore the website from your backup copies. You DO have backups, don't you?
  #7 (permalink)  
Old Thursday, June 14th, 2012, 07:03 PM
New Church Media Member

 
 Join Date: May 2011 
 Last Online: Thursday, February 14th, 2013 
First off, I would change your hosting account, FTP, MySQL, and WordPress admin passwords. You never know how they got into your site in the first place. Then either look in the PHP code for the nasty code and remove it or rebuild the site from scratch.
  #8 (permalink)  
Old Thursday, June 14th, 2012, 08:56 PM
greg4god's Avatar
Web Geek

 
 Join Date: Jun 2007 
 Last Online: Yesterday 
If you haven't modified things yet, now is the time to go through all the files on the site and look at the time stamps; this can help you find where the code was placed in there.

The handling of the site differently when coming from a search engine can also be set via .htaccess as well, but will probably be via a .php file.

Always make sure WordPress is up to date, very important. Myself, I recommend checking for updates weekly, which is what I do with WP sites on my server. I have seen installs only 6 months old that were hacked and used to send out a ton of spam, to the point AT&T notified our IT guys about the volume coming from our datacenter. Tracking the logs, here they were making calls to the site with specific data that triggered something in WP to send mail. (Unfortunately, didn't get time to look into what exactly it was doing.)

The pain part is, depending on the person who messed with your site, they could have put files in not so noticeable areas that they know of and can call at some point down the road and modify files on the account again even AFTER you change passwords for the account and FTP.

But definitely change the passwords as suggested.

Also then never do regular FTP or regular WP login over open Wifi connections. This is becoming more and more of an issue as everyone is getting laptops; they go to Starbucks, etc., connect and do things that are extremely easily sniffed to grab your login information. If you must use FTP, use SFTP which is secure.

Giving more of an example of where to look is a little hard without actually being able to get into the system to look at files. Log files can be gold if you know how to use them.

While it is a pain, there is part of me that loves to track things like that down, sad part is, I've done it enough, when it is a simple weak hack, I end up disappointed. Yeah, too much of a geek I am LOL

I currently have a client that insisted on paying me for several months to go in and check his site once a month. (I actually just do it with Monday morning checks I do for sites.) He had changed his password before when his site was hacked. Now that I changed it to something more secure, completely went through the site and removed all traces, and he knows now not to use open Wifi, site hasn't been touched where it had been several times before.

Simple things can keep ya safe, usually people just don't know about them

-Greg
  #9 (permalink)  
Old Thursday, September 6th, 2012, 03:31 PM
New Church Media Member

 
 Join Date: Feb 2008 
 Last Online: Tuesday, April 9th, 2013 
It took some persistence and prayer but I think that the issue has been fixed. There were thousands of base64 code strings loaded in the .php files. Every .php file in every theme, plugin, and admin folder had the same string of base64 code inserted. It took a while but everything seems to be working correctly now. I get a clean bill of health on the Sucuri free online scan now, whereas before, it found problems.

Greg, I understand how you feel about the hunt. I do enjoy troubleshooting and fixing things!
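The checks suggested in this thread (Greg's advice to look at time stamps and at referrer handling in .htaccess or PHP, and the identical base64 string Lynn found in every .php file), written out as an added example that is not from any poster: Python, meant to be run against a downloaded copy of the site. The function names, the 200-character threshold and the sample tree are assumptions made for the illustration.

```python
import base64, hashlib, os, re, tempfile
from collections import defaultdict
from pathlib import Path

BLOB = re.compile(r"""["']([A-Za-z0-9+/]{200,}={0,2})["']""")  # quoted base64 run; 200 is an assumed threshold
REFERER = re.compile(r"HTTP_REFERER")  # referrer test in PHP or in a RewriteCond

def site_files(root):
    """Yield (relative name, Path) for every .php and .htaccess file under root."""
    for path in Path(root).rglob("*"):
        if path.is_file() and (path.suffix == ".php" or path.name == ".htaccess"):
            yield path.relative_to(root).as_posix(), path

def referer_checks(root):
    """Files that branch on the Referer header (how a search-engine visitor is singled out)."""
    return sorted(rel for rel, p in site_files(root)
                  if REFERER.search(p.read_text(errors="replace")))

def shared_blobs(root, min_files=2):
    """Group files by the long base64 literal they contain, keyed by a hash prefix.
    A literal repeated across many files is the signature of a mass injection."""
    seen = defaultdict(list)
    for rel, p in site_files(root):
        for blob in set(BLOB.findall(p.read_text(errors="replace"))):
            seen[hashlib.sha256(blob.encode()).hexdigest()[:12]].append(rel)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_files}

def newest_first(root, names):
    """Order the given relative names by modification time, newest first."""
    return sorted(names, key=lambda rel: (Path(root) / rel).stat().st_mtime, reverse=True)

def build_sample_site():
    """Constructed sample tree for the demonstration (not taken from the thread)."""
    root = Path(tempfile.mkdtemp())
    blob = base64.b64encode(b"constructed placeholder, not real code. " * 6).decode()
    injected = "<?php eval(base64_decode('%s')); ?>\n<?php // original file\n" % blob
    files = {  # relative name -> (content, constructed mtime)
        "index.php": ("<?php echo 'home';\n", 1300000000),
        "wp-admin/admin.php": (injected, 1339400000),
        "wp-content/themes/t/footer.php": (injected, 1339500000),
        ".htaccess": ("RewriteCond %{HTTP_REFERER} (google|yahoo|bing) [NC]\n", 1339600000),
    }
    for rel, (text, mtime) in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)
        os.utime(path, (mtime, mtime))
    return root
```

Hits from `referer_checks` are leads rather than verdicts, since legitimate WordPress code also reads the referrer; when the redirect logic is hidden inside an encoded string, only `shared_blobs` will surface it.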
All times are GMT -6.