1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Was I Hacked?

Discussion in 'General Chat' started by Ralph23, Feb 20, 2009.

0
  1. #1
    Alright, this all happened to me while I was out of the house using the schools library computer a few hour ago.

    I was browsing my site, nothing out of the ordinary. My site is a wordpress based blog, just in case it matters, version 2.7.1 (latest).

    I go to click on to go to Page 2 of the index page (browsing through posts) and I am greeted with a "Blocked" page. (I'm at school, they filter websites.) I went back and hovered over the link to see what was up, and this is where it linked to:

    http://mydomain.com/page/2?SomeCodeHereRedirectingSomewhere

    It was redirecting to a .swf file on a site called mixcom.ru (DO NOT GO THERE. May be malicious.)

    I immediately went onto the sites wp-admin (control panel for wordpress) and looked through all the necessary files to see if I could find the source. Nothing.

    I went back to the page and refreshed a few times, and it was back to normal. The odd addition to the link was gone. Back to normal...

    (Note - when I first noticed the odd link, I had refreshed, cleared my cache, tried another browser, it was still there).

    This appeared to only have affected my pagenavi plugin (it's used to display pagination on wordpress blogs, "Goto page 1, 2, 3, ..." etc...).

    Was I hacked or something? This never ever happened before.

    Any comforting words appreciated, lol.

    Thanks.
     
    Ralph23, Feb 20, 2009 IP
  2. ActiveFrost

    ActiveFrost Notable Member

    Messages:
    2,072
    Likes Received:
    63
    Best Answers:
    3
    Trophy Points:
    245
    #2
    This could be due to some advertising company code ( like popups, etc. ) .. They like to mess everything up ( that's only in case if you have one ) :D
     
    ActiveFrost, Feb 20, 2009 IP
  3. Ralph23

    Ralph23 Peon

    Messages:
    493
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Nope, none of that on my site. Plus, when I clicked the link and saw the "blocked" page, it said because the site was "Malicious Code". Definite spyware or something I'm guessing.
     
    Ralph23, Feb 20, 2009 IP
  4. ActiveFrost

    ActiveFrost Notable Member

    Messages:
    2,072
    Likes Received:
    63
    Best Answers:
    3
    Trophy Points:
    245
    #4
    Depends on /who/ said it - Firefox or antivirus ?
     
    ActiveFrost, Feb 20, 2009 IP
  5. Ralph23

    Ralph23 Peon

    Messages:
    493
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    0
    #5
    It was the schools filter that said it was "malicious code". Search for mixcom.ru in google. it doesn't look like a very trusty site. I'm looking to hear what you guys have to say, what I should do, find out how the code got there, etc...
     
    Ralph23, Feb 20, 2009 IP
  6. mvandemar

    mvandemar Notable Member

    Messages:
    2,409
    Likes Received:
    307
    Best Answers:
    0
    Trophy Points:
    230
    #6
    Even though you are running the latest Wordpress, if you were hacked before upgrading and didn't notice it then they might have left a back door to get in again that you missed.

    I wouldn't take any chances, and would do a complete wipe and reinstall. I wrote a decent tutorial here:

    How To Completely Clean Your Hacked WordPress Installation

    Also, once you do get it cleaned out, make sure you switch to a new, nice strong password:

    Password generator

    Good luck with it. :)

    -Michael
     
    mvandemar, Feb 23, 2009 IP
  7. rsrikanth05

    rsrikanth05 Well-Known Member

    Messages:
    1,362
    Likes Received:
    25
    Best Answers:
    0
    Trophy Points:
    190
    #7
    Yeah, Google AdSense loves doing that.
     
    rsrikanth05, Feb 23, 2009 IP