Posts appearing on my WordPress site.

Asked by:
mherald / 15 Points
Time:
2011-11-22 5:19 am EST
Category:
Website Troubleshooting
Hits:
1,044
I've already received one response to previous questions about my ongoing issue trying to repair my blog. It started with someone creating a 'backdoor' and actually publishing a couple of articles from my blog. It goes like this - I get a notice I have a new subscriber - next thing I know the same name and email pops up in my User folder.

Securi Security has done their thing and tells me the site is Malware "free."

I was advised (in the response from this community) to run TAC, Exploit Scanner and Timthumb Vulnerability Scanner. TAC is not uptodate with the current version of WP so I did not run that. My theme does not use Timthumb (I checked) so I did not run that. I did run Exploit Scanner and it came back with a list of problems with plugins - all current - but I've deleted them anyway. I'm left with one "severe threat" - pasted below. I read your article on WP security but I still have no idea where to look for this and when I find it if I'm supposed to just delete the file or what.

php.ini:982
Often used to execute malicious code
; error_reporting(0) around the eval()

Also, all of my images have now disappeared from my blog - in fact the only thing showing up is some text. For what it's worth if it helps here's my url - http://www.inspiredgiftgiving.com

Thanks in advance for any advice, direction.

To ask this user for more information, please first login.

To submit an answer, please login.

Best answer chosen by Web Hosting Hub staff

0

ChristiNi
Staff
13,688 Points
2011-11-22 5:35 pm EST
Hello mherald,

I'm sorry you've had trouble with your site being hacked. I'm also sorry you had trouble running TAC as I've used it on current versions of WordPress. I checked into the threat reported by the Exploit Scanner and it appears to be a false positive (per the plugin developer). Please accept my apology, that plugin does seem to give false positives.

I would recommend taking a look at the Access Logs in your cPanel and search for any IP accessing your wp-admin area that does not match your IP. You can also give us a link to a specific article on your blog that wasn't published by you (if it's still published) and we can take a look at the logs for you as well. If you have removed the published articles, can you tell us the time and date the most recent article was published?

We look forward to hearing from you so we can help you resolve this as quickly as possible.

Regards,

Christi N.

To submit a comment on this answer, please first login.

Want to share this Question?

Related Articles

It looks like there are no related articles.
Would you like to ask a question about this page? If so, click the button below!
Need More Help?

Help Center Search

Current Customers

Email: support@WebHostingHub.com Ticket: Submit a Support Ticket
Call: 877-595-4HUB (4482)
757-416-6627 (Intl.)
Chat: Click To Chat Now

Ask the Community

Get help with your questions from our community of like-minded hosting users and Web Hosting Hub Staff.

Not a Customer?

Get web hosting from a company that is here to help.
}