Wordpress Theme Hacked

DBWebDev · Dec 24, 2008

The theme on my crappy blog (Dave's Internet Marketing Ramblings) has been hacked, and I can't for the life of me work out how to fix it.

The only damage that I can see is that a link keeps adding itself to my list of links for a site: WordpressSupplies.com which I've had a look around and it seems it's happened to others in the past.

I can delete the link, but it always comes back. I'm wondering if they're are any other major security issues I need to worry about regarding this, or if it's just some silly little link injection.

I've looked through my theme files and can't find any malicious code. I've got the latest version of Wordpress, and the theme is just a modified "default" theme so I can't understand how it's got buggered.

Any suggestions?

Jizzlobber · Dec 24, 2008

Have you checked with your ISP about the availablitly of a backup for the most recent date that it was operating correctly?

abhorrent · Dec 24, 2008

Look here maybe? didn't read it all they talk specifically about wordpresssupplies.com
Dissection of a hacked WordPress Theme (how the hacked themes inject links and how to detect them) Chaos Laboratory

digga121 · Dec 24, 2008

That sux man, hope you fix it, I left you a comment, hopefully somoene wont steal my link

bobsoap · Dec 24, 2008

The article abhorrent links to is great, you might have that very problem. It's interesting though that you say you're using the default theme - are you sure you downloaded it from WP and not from somewhere else?

Also, did you ever upgrade to a Wordpress version 2.6.4? That's a fake WP version.

I'd try to reinstall the theme first. If that doesn't help, you can send it over and I can take a quick look at it, if you like.

DBWebDev · Dec 24, 2008

Jizzlobber said:
Have you checked with your ISP about the availablitly of a backup for the most recent date that it was operating correctly?

I'm not sure what you mean, if you mean does the host have a backup then I'm not sure. I don't know exactly when the problem started.

abhorrent said:
Look here maybe? didn't read it all they talk specifically about wordpresssupplies.com
Dissection of a hacked WordPress Theme (how the hacked themes inject links and how to detect them) Chaos Laboratory

Thanks for the link. I read that the other day, but I missed the part about functions.php. I had another long search and couldn't find any erroneous code.

digga121 said:
That sux man, hope you fix it, I left you a comment, hopefully somoene wont steal my link

Thanks for taking the time to comment

bobsoap said:
The article abhorrent links to is great, you might have that very problem. It's interesting though that you say you're using the default theme - are you sure you downloaded it from WP and not from somewhere else?

Also, did you ever upgrade to a Wordpress version 2.6.4? That's a fake WP version.

I'd try to reinstall the theme first. If that doesn't help, you can send it over and I can take a quick look at it, if you like.

Yea I'm gonna install the theme again and see what happens. I'm positive that it's the right one, and I've just upgrade from 2.6.5 to 7, I never had the fake 2.6.4 - I guess I'm just screwed.

Search

Search

Wordpress Theme Hacked

DBWebDev

$0.50/week

Jizzlobber

Moist

abhorrent

New member

digga121

ajaxking

bobsoap

Together we can do anyone

DBWebDev

$0.50/week