Wordpress Themes - WP Forum at BFA
Click here to register or to donate.
Auto self-registration is not available here - far too many spammers. This forum has many, many backlinks and because of that there is an intense desire among spammers to drop their links here.

Wordpress Themes - WP Forum at BFA » WordPress Themes » Atahualpa 3 Wordpress theme »

[SOLVED] My Atahualpa-powered site hacked, redirects elsewhere


  #1  
Old Nov 27, 2010, 03:02 AM
bswb97
 
158 posts · Aug 2010
Ok, so this isn't a Atahualpa-specific question, but maybe Juggledad, Flynn, and co. can help out with this. Some jerk-offs hacked my site at www.awesomevideogamenews.com. Right now, it just redirects to some other crap.

Here's what I know:

1) CPanel on the host does NOT have a redirector listed, so I don't think that was compromised.
2) All of my FTP files are still there. I checked the saved dates on all the relevant files I could think of and they were all months old, the last time I worked on the site layout.
3) The Cron Jobs and RSS still are working.
4) When I look at the source code, all files are being called with a /, not a true directory path. So it has to be a redirect since those files don't exist on my server.

Help!
  #2  
Old Nov 27, 2010, 04:12 AM
bswb97
 
158 posts · Aug 2010
I am up waaaaaaaaaaaaaaay too late troubleshooting this. But I'm pissed off!

Here is the current source code that SHOULD be the header:
HTML Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

  <head>
    <title>Youth Sports Coaching Blog</title>
    <meta http-equiv="Content-Style-Type" content="text/css" />
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style type="text/css" media="all">@import "/misc/drupal.css";</style>
<script type="text/javascript"><!--
  var BASE_URL = "/";
--></script>
And here's my header.php
HTML Code:
!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
<head>
<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
So there's a difference right after the <head> callout...and I'm guessing that means it's not even getting to my header.php, right? I had read about a WP hack from earlier this year that inserted a javascript redirect into the header.php file, so that's where I got that idea.

Based on my Cron Job logs, I identified the hack at between 11 AM and 1 PM today PST. In my CPanel root directory, I saw .bashrc was updated at 11:32 AM...but I know nothing about Linux, so I don't know if that's over my head.
  #3  
Old Nov 27, 2010, 12:19 PM
bswb97
 
158 posts · Aug 2010
Hosting company contacted, they had a hardware issue and a mixup with the DNS. So fortunately, I didn't get hit with one of those WordPress-specific hacks from some months ago.

Please ignore my late-night ramblings.

Bookmarks

Tags
hacked

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Error installing atahualpa 3.5.3: blank page plus Powered by WordPress &amp; the la christina! New Versions, & Updating 4 Aug 29, 2010 02:53 PM
To delete Powered by WordPress & the Atahualpa Theme by BytesForAll angelcath Header configuration & styling 1 Jul 1, 2010 09:03 AM
My site has been hacked - atahualpa 3.4.6 Mikii New Versions, & Updating 11 Jun 17, 2010 10:09 PM
My site's been hacked! paulae Installing & running WordPress 3 Sep 13, 2009 09:34 PM


All times are GMT -6. The time now is 02:25 AM.


Powered by vBulletin® Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.