Wordpress blog got hacked or virus

Hi

I just notice that there’s a load of text on my blogs side bar and it seems like got virus? I just published the blog post today before the wordpress 3.3.1 update and now i updated and the small texts are still there. Here’s the link, any one know how to fix this issue?

Damn it. I just checked Wordpress about 3 or so hours ago and they had not released an updated. If my Wordpress is hacked, I am going to be furious.

Did you have it fixed? I don’t see anything unusual there, to be honest… but then I don’t know which text was there before the problem arisen.

Before there were so many pill, viagra texts on the sidebar below the poll and after i updated the wordpress to 3.3.1, it was still there. So i purged it from the cache and it was gone by now. Kind of fixed it i guess.

I don’t know enough about WordPress to help you out with the specifics of making sure your site is clean, but remember to change all your passwords. If you’ve been hacked once, you don’t want to make it easy for them to have another go.

It’s happening again. You can see it here Look at the left side of the blog under the poll using Firefox browser. Any suggestions ?

I don’t see anything amiss. (I’m a little confused, though, as the poll is on the right side of the blog…) Can you post a screen-shot of what you’re seeing? And did you change all your passwords after the last incident?

Edit. Doing a site:drinkwhat.com search in Google produced odd results under drinkwhat.com/archives/ and drinkwhat.com/search/. I didn’t look beyond the first page of results.

Possibly contact your host. Maybe they are getting DDOS’ed and even though you changed your WP password they can still get in at the server level.

Can you see it now in here. Look at the right side of the website and scroll down under the poll. You will see so many small texts. Make sure use FireFox browser.

No, I’m still not seeing that, although as I said before, there clearly has been a problem because it’s showing up in Google’s search results. If you’re still seeing it, post a screen-shot. What steps have you taken to clean up the site?

I contacted the web server company and they told me that there may have been entry into your WordPress MySQL database and they noticed that I used a Cache plugin (W3 Total Cache). So backup the Database and emptied all the caches using the W3 Total cache. As result, the unwanted small texts under the poll survey has been removed or at least it’s gone for now. However, i do no know what causes this problem. Any suggestions?

OMG! It’s back again! Can you guys see it here? Make sure use a Firefox. Is my site got virus or what?

I don’t see it. Have you cleared your local browser cache?

Ok - this time I do see it, and it makes no difference which browser I use. There is a <div> in your sidebar with all these links in it, and if you didn’t put it there, then someone else did.

Somebody else may be able to give you more precise help in cleaning up a WordPress site, but as far as I know, the only sure way is to delete all files, restore a clean backup copy, change all your passwords and run an antivirus scan.

Yes, it looks like somebody hacked your site. Exactly where your site was hacked is unknown. Could it be the plugin that was hacked or another file? Do you host any other websites on your hosting account? One or more of those could have been hacked. Those hackers don’t like to go away easily. They can and often do stash backdoors all over your hosting account so if you find one, they will have another point of entry.

Your only option is to install every thing clean. Backup everything first including all files and database tables and then delete everything and reinstall Wordpress fresh along with all plugins. Also, take a look inside your database tables for any rogue code like iframes or javascript that shouldn’t be there. Somebody may have snuck an iframe into the post field of your posts table or something. You never know until you look.

That’s your only option. If you aren’t willing to go through the time and effort of deleting everything and installing everything fresh and clean, you can take a look at file modification times and see if you can find any that are out of the ordinary. If all of your file modification times in a folder are on the same date and one is much newer, that could be a clue that file has been compromised. But, hackers can change the file modification time to anything they want so this is not a fool-proof way of tracking down the problem.

I’ve been hacked, too. More than once. It sucks, I know. The only way to be sure you got rid of the exploit is to delete everything and install fresh. Be sure to change all of your passwords including your cPanel or other control panel password, your billing password, and your database passwords which are easily readable in the config files.

I would do what is suggested as a new setup of wordpress and import the database in … also i would install all these plugins

wordpress security plugins
wp-malwatch
bps security
wp security scan
better wp security
BulletProof Security
Secure wordpress
Ultimate security checker

Also make sure you are not using timthumbs.php. Make sure you have updated version. Always keep plugins up to date. I have fixed tons of wordpress sites because of viruses. One particular site was down every 5 hours. After install fresh WP and above it did not happen anymore . You have to do what the plugins asks to help mask things.

No wonder I’ve been getting loads of spam e-mails every day ever since the wordpress want me to install Jetpack for status and also I think i didnt update the thum generator file. I only host one website for one hosting account. When I contact my hosting company they said they don’t know if my site got hacked or not. They could only tell me that my database might have been changed. Anyway, so I back up my database first and then delete everything. I have to create my own theme again.

Well no, you don’t have to create your own theme again. You can open all the files you created and examine them to make sure all the code in there is your own. If you don’t see anything unusual, then you can assume those files are safe.

Yeah i would not recreate the theme. I would use those files. I would download them to my pc and take a fresh copy and use araxis merge to see the difference in the files one by one. It is much faster and you would have the same theme.

If I don’t use timthumb.php, what else can i use to generated the thumb image?