Wordpress Themes - WP Forum at BFA
There will be no more development for Atahualpa (or any other theme), and no support. Also no new registrations. I turned off the donation system. I may turn the forum to read only if it gets abused for spam. Unfortunately I have no time for the forum or the themes. Thanks a lot to the people who helped in all these years, especially Larry and of course: Paul. Take care and stay healthy -- Flynn, Atahualpa developer, Sep 2021

Wordpress Themes - WP Forum at BFA » WordPress Themes » Atahualpa 3 Wordpress theme »

[SOLVED] My Atahualpa-powered site hacked, redirects elsewhere

Old Nov 27, 2010, 02:02 AM
158 posts · Aug 2010
[SOLVED] My Atahualpa-powered site hacked, redirects elsewhere

Ok, so this isn't a Atahualpa-specific question, but maybe Juggledad, Flynn, and co. can help out with this. Some jerk-offs hacked my site at www.awesomevideogamenews.com. Right now, it just redirects to some other crap.

Here's what I know:

1) CPanel on the host does NOT have a redirector listed, so I don't think that was compromised.
2) All of my FTP files are still there. I checked the saved dates on all the relevant files I could think of and they were all months old, the last time I worked on the site layout.
3) The Cron Jobs and RSS still are working.
4) When I look at the source code, all files are being called with a /, not a true directory path. So it has to be a redirect since those files don't exist on my server.

Old Nov 27, 2010, 03:12 AM
158 posts · Aug 2010
I am up waaaaaaaaaaaaaaay too late troubleshooting this. But I'm pissed off!

Here is the current source code that SHOULD be the header:
HTML Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

    <title>Youth Sports Coaching Blog</title>
    <meta http-equiv="Content-Style-Type" content="text/css" />
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style type="text/css" media="all">@import "/misc/drupal.css";</style>
<script type="text/javascript"><!--
  var BASE_URL = "/";
And here's my header.php
HTML Code:
!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
So there's a difference right after the <head> callout...and I'm guessing that means it's not even getting to my header.php, right? I had read about a WP hack from earlier this year that inserted a javascript redirect into the header.php file, so that's where I got that idea.

Based on my Cron Job logs, I identified the hack at between 11 AM and 1 PM today PST. In my CPanel root directory, I saw .bashrc was updated at 11:32 AM...but I know nothing about Linux, so I don't know if that's over my head.
Old Nov 27, 2010, 11:19 AM
158 posts · Aug 2010
Hosting company contacted, they had a hardware issue and a mixup with the DNS. So fortunately, I didn't get hit with one of those WordPress-specific hacks from some months ago.

Please ignore my late-night ramblings.



Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Error installing atahualpa 3.5.3: blank page plus Powered by WordPress &amp; the la christina! New Versions, & Updating 4 Aug 29, 2010 01:53 PM
To delete Powered by WordPress & the Atahualpa Theme by BytesForAll angelcath Header configuration & styling 1 Jul 1, 2010 08:03 AM
My site has been hacked - atahualpa 3.4.6 Mikii New Versions, & Updating 11 Jun 17, 2010 09:09 PM
My site's been hacked! paulae Installing & running WordPress 3 Sep 13, 2009 08:34 PM

All times are GMT -6. The time now is 05:17 AM.

Powered by vBulletin® Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.