1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Wordpress Hacked by Viagra Sellers

Discussion in 'WordPress' started by SenseHen, May 9, 2010.

  1. #1
    We are having the problem that at some place someone was able to inject code in our Wordpress installation. Now the Google Version of our Blog has tons of Viagra ads. We also recently wrote a post about it, but that did not fix it fully. If you check out the Google Cache, then it's still there everywhere.

    Any suggestions?

    Thanks!
     
    SenseHen, May 9, 2010 IP
  2. extremephp

    extremephp Peon

    Messages:
    1,290
    Likes Received:
    32
    Best Answers:
    0
    Trophy Points:
    0
    #2
    is the problem fixed? Are you Server protection reensured?

    Delteed malicious codes? and comments and all??

    Let us know that :)
     
    extremephp, May 9, 2010 IP
  3. Serious Workers

    Serious Workers Well-Known Member

    Messages:
    2,785
    Likes Received:
    65
    Best Answers:
    2
    Trophy Points:
    195
    #3
    Your site seems to be fine now, do you still have the problem?
     
    Serious Workers, May 10, 2010 IP
  4. SenseHen

    SenseHen Well-Known Member

    Messages:
    200
    Likes Received:
    5
    Best Answers:
    0
    Trophy Points:
    138
    #4
    I am still having the problem. Go to the thread I just mentioned and click on the homepage problem. Are you still being forwarded to the Viagra Page?

    Also the Google Cache is brand new but still has Viagra etc. cached.

    Thanks,
    Hendrik
     
    SenseHen, May 10, 2010 IP
  5. hmansfield

    hmansfield Guest

    Messages:
    7,904
    Likes Received:
    298
    Best Answers:
    0
    Trophy Points:
    280
    #5
    I had a client that had this problem.
    There was an image folder in with his Wordpress installation ( that someone had hacked and placed there) with a bunch of PHP code that was redirecting his listing in Google to other pages.

    Check every folder in your Wordpress install and make sure all of the files are supposed to be there.
     
    hmansfield, May 10, 2010 IP
  6. Serious Workers

    Serious Workers Well-Known Member

    Messages:
    2,785
    Likes Received:
    65
    Best Answers:
    2
    Trophy Points:
    195
    #6
    Nope. Everything is fine for me. Not, seeing any Viagra things on your site.
     
    Serious Workers, May 10, 2010 IP
  7. Mobile-Monster

    Mobile-Monster Well-Known Member

    Messages:
    862
    Likes Received:
    26
    Best Answers:
    0
    Trophy Points:
    105
    #7
    Yes its still infected. Checked your htaccess file ?
     
    Mobile-Monster, May 10, 2010 IP
  8. twiztedX3

    twiztedX3 Peon

    Messages:
    163
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #8
    Wait.. is it comments that your running into? Because you can stop comment spams with akismet
     
    twiztedX3, May 11, 2010 IP
  9. stevecane

    stevecane Peon

    Messages:
    209
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #9
    That sucks, and I'm worried! Has anyone got a reliable way to stop this happening? Is there a security plugin that stops it?

    Ste
     
    stevecane, May 12, 2010 IP
  10. hmansfield

    hmansfield Guest

    Messages:
    7,904
    Likes Received:
    298
    Best Answers:
    0
    Trophy Points:
    280
    #10
    hmansfield, May 12, 2010 IP
  11. rono

    rono Greenhorn

    Messages:
    84
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    16
    #11
    How could they have installed stuff on your server?
    When anything weird happens like that, the first reflex is to change your passwords (FTP, WP admin, etc.)
     
    rono, May 13, 2010 IP
  12. agtile

    agtile Active Member

    Messages:
    539
    Likes Received:
    13
    Best Answers:
    0
    Trophy Points:
    60
    #12
    agtile, Mar 13, 2012 IP
  13. oldude

    oldude Greenhorn

    Messages:
    27
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    11
    #13
    This happened to me as well. The hackers added a file called *****/public_html/wp-includes/js/tinymce/utils/utils.php to my Wordpress blog. (notice the extra ***/utils.php
    1. Remove that php file.
    2. Change your ID and Password for both your server and WP admin.
    It will take 2 to 4 weeks for Google's cache to be refreshed and stop showing the pharmacy crap.
     
    oldude, Mar 14, 2012 IP