Hack del formulario de contacto de Wordpress [cerrado]

I'm trying to clean up a small hack on my Wordpress site. It's located at http://www.mydermakare.com. I found the initial spam code in the index.php file and deleted it, but I'm still getting a function session-start error at the top of my page.

Any ideas on where I can find the problem code?

preguntado el 31 de enero de 12 a las 16:01

Can you be a little more specific as to what exactly happened? Are you saying that your site was hacked into and the php pages were modified to include code, or are you saying that you have been having issues with spam on the blog? -

I do have spam in the comments box, but I think the problem is from code uploaded through the contact form. I'm only assuming this because it has happened on another one of my websites in the past. -

It sounds like a fairly big problem if someone is able to upload code through any sort of publicly accessible form. -

haha I just viewed a cached version of the page and had to close it quickly because I'm in work. Just a heads up to anyone else, It's a woman in a bikini. Nothing rude but it's not dull enough for our work regulations haha. -

YES......don't get in trouble for assumed porn at work!!!! -

4 Respuestas

http://ismyblogworking.com/mydermakare.com shows the results of hack code in your robots.txt file as well as the RSS feed. You're still hacked.

Replace all core WP files and folders, except your theme. That's where the php error is coming from.

Do a complete job of cleaning the hack or it will happen again. See Preguntas frecuentes: mi sitio fue pirateado «WordPress Codex y Cómo limpiar completamente su instalación de wordpress pirateada y Cómo encontrar una puerta trasera en un WordPress pirateado y Endurecimiento de WordPress «Códice de WordPress and tell your host. Change all passswords and scan your own PC. Maybe even find a better, more secure host.

Respondido 01 Feb 12, 19:02

The lines before line 10 are causing the headers to get sent before line 10 can add/change them. Showing us lines 1-10 might help.

EDIT: Yes i think you have been hacked or something http://sucuri.net/malware/malware-entry-mwjs160 At this point i'm going to step a side, bit too complicated for me and i don't want to tell you the wrong thing.

Respondido el 31 de enero de 12 a las 20:01

Hi Mark, I have a backup file of index.php and I replaced it - and it's not working. Are you saying that lines 1-10 in index.php would be the problem, or would it be elsewhere, considering I already replaced index.php with my backup - Rob Myrick

If lines 1-10 have an "include" then it may be in the file being included. - Mark Price

Mark, I just clicked on view source and a weird script is showing at the top. I'm thinking that def looks suspicious. - Rob Myrick

Did you close your php tag in index.php. Is there any extra space. the error shown here is due to session_start() called in quick-contact.php in quick contact plugin. But PHP had outputted something before. Remove any white space before or after the php tags in any of the primary files


I think this is not the problem with index.php. i think you have added some space somewhere in your php files after the tags. Can you check those

Respondido el 31 de enero de 12 a las 21:01

Sabari, would you want to take a look at it? I would really appreciate your help if possible. I can give you login credentials - Rob Myrick

yes sure.Do you have ssh details.. if yes send me to sabarinatht@gmail.com - sabari

I have sent you an email - sabari

Judging from the comments here, your best bet is to probably restore the entire site from a backup. You'll still run into the problem that the vulnerability is still there and likely exploitable still by whoever 'hacked' the site the first time. Finding the particular exploit that was used is fairly far beyond what can be done over a forum like this, but you could probably start by looking at all of your plugins and making sure they're up to date.

Respondido el 31 de enero de 12 a las 21:01

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.