Wordpress Themes - WP Forum at BFA

Wordpress Themes - WP Forum at BFA (http://forum.bytesforall.com/index.php)
-   Atahualpa 3 Wordpress theme (http://forum.bytesforall.com/forumdisplay.php?f=2)
-   -   [SOLVED] My Atahualpa-powered site hacked, redirects elsewhere (http://forum.bytesforall.com/showthread.php?t=11410)

bswb97 Nov 27, 2010 02:02 AM
[SOLVED] My Atahualpa-powered site hacked, redirects elsewhere
 
Ok, so this isn't a Atahualpa-specific question, but maybe Juggledad, Flynn, and co. can help out with this. Some jerk-offs hacked my site at www.awesomevideogamenews.com. Right now, it just redirects to some other crap.

Here's what I know:

1) CPanel on the host does NOT have a redirector listed, so I don't think that was compromised.
2) All of my FTP files are still there. I checked the saved dates on all the relevant files I could think of and they were all months old, the last time I worked on the site layout.
3) The Cron Jobs and RSS still are working.
4) When I look at the source code, all files are being called with a /, not a true directory path. So it has to be a redirect since those files don't exist on my server.

Help!

bswb97 Nov 27, 2010 03:12 AM
I am up waaaaaaaaaaaaaaay too late troubleshooting this. But I'm pissed off!

Here is the current source code that SHOULD be the header:
HTML Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

  <head>
    <title>Youth Sports Coaching Blog</title>
    <meta http-equiv="Content-Style-Type" content="text/css" />
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style type="text/css" media="all">@import "/misc/drupal.css";</style>
<script type="text/javascript"><!--
  var BASE_URL = "/";
--></script>
And here's my header.php
HTML Code:
!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
<head>
<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
So there's a difference right after the <head> callout...and I'm guessing that means it's not even getting to my header.php, right? I had read about a WP hack from earlier this year that inserted a javascript redirect into the header.php file, so that's where I got that idea.

Based on my Cron Job logs, I identified the hack at between 11 AM and 1 PM today PST. In my CPanel root directory, I saw .bashrc was updated at 11:32 AM...but I know nothing about Linux, so I don't know if that's over my head.

bswb97 Nov 27, 2010 11:19 AM
Hosting company contacted, they had a hardware issue and a mixup with the DNS. So fortunately, I didn't get hit with one of those WordPress-specific hacks from some months ago.

Please ignore my late-night ramblings. :)


All times are GMT -6. The time now is 03:50 AM.

Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.