Found the domain hacking my wordpress - GoFuckYourself.com

lakerslive · 03-15-2016, 09:50 PM

KoMexX.net

found his domain name inserted into my wordpress theme.. which leads to that website. what gives man with these guys?

BIGTYMER · 03-15-2016, 10:05 PM

Bots man.. we're the last humans left.

bearjew · 03-15-2016, 10:30 PM

clean out then secure your wordpress

_Lush_ · 03-15-2016, 11:01 PM

stop downloading nulled plugins and themes from free dl sites. You dont think all those cool plugins and themes that you are suppose to pay for are being shared by kind uploaders who just want to share the love. most are coded with injection scripts that bleed a percentage of your traffic from your site.

easy fix just ssh into your site and grep -nr komexx.net /www/wordpress/wp-content
or whatever the path to your wp is on your server and find what plugin or theme contains instances of this domain and delete the whole plugin or theme.

rowan · 03-15-2016, 11:13 PM

Quote:

Originally Posted by _Lush_

easy fix just ssh into your site and grep -nr komexx.net /www/wordpress/wp-content
or whatever the path to your wp is on your server and find what plugin or theme contains instances of this domain and delete the whole plugin or theme.

I suggest adding -i (case insensitive compare) to the grep options, so it catches mixed capitalisation instances like "KoMexX.net" too.

grep -nri komexx.net /path/to/wp-content/

Also it's possible that the plugin has stashed a file outside of that directory, or obfuscated the name so that a simple text search won't find it (eg $domain = "kom"."exx".".net")

bearjew · 03-16-2016, 01:30 AM

also search for 'base64_decode' and 'eval'

anexsia · 03-16-2016, 01:11 PM

Install OSSEC and clamav with maldet for daily scans.

Save your wp-config.php file, uploads folder, and your MySQL database (after making sure all 3 are clean) and just redownload a fresh copy of Wordpress and then put your wp-config.php and uploads folder back and your MySQL database. Run a scan on everything and then you should be good to go.

adentio99 · 03-16-2016, 02:06 PM

script kiddies.

03-15-2016, 09:50 PM	#1
lakerslive Confirmed User Industry Role: Join Date: Aug 2012 Posts: 929	Found the domain hacking my wordpress KoMexX.net found his domain name inserted into my wordpress theme.. which leads to that website. what gives man with these guys?

03-15-2016, 11:01 PM	#4
_Lush_ Confirmed User Industry Role: Join Date: Jul 2005 Location: GDL Jal. Posts: 536	stop downloading nulled plugins and themes from free dl sites. You dont think all those cool plugins and themes that you are suppose to pay for are being shared by kind uploaders who just want to share the love. most are coded with injection scripts that bleed a percentage of your traffic from your site. easy fix just ssh into your site and grep -nr komexx.net /www/wordpress/wp-content or whatever the path to your wp is on your server and find what plugin or theme contains instances of this domain and delete the whole plugin or theme. __________________ IcQ 50611033

03-15-2016, 10:05 PM	#2
BIGTYMER Junior Achiever Industry Role: Join Date: Nov 2004 Location: Walled Garden Posts: 17,066	Bots man.. we're the last humans left.

03-15-2016, 10:30 PM	#3
bearjew Registered User Industry Role: Join Date: Dec 2014 Posts: 17	clean out then secure your wordpress

03-16-2016, 01:30 AM	#6
bearjew Registered User Industry Role: Join Date: Dec 2014 Posts: 17	also search for 'base64_decode' and 'eval'

03-16-2016, 01:11 PM	#7
anexsia Confirmed User Industry Role: Join Date: May 2010 Posts: 5,735	Install OSSEC and clamav with maldet for daily scans. Save your wp-config.php file, uploads folder, and your MySQL database (after making sure all 3 are clean) and just redownload a fresh copy of Wordpress and then put your wp-config.php and uploads folder back and your MySQL database. Run a scan on everything and then you should be good to go.

03-16-2016, 02:06 PM	#8
adentio99 So Fucking Banned Industry Role: Join Date: Jul 2015 Location: USA Posts: 366	script kiddies.