Comments on: Fix the latest WordPress hack

By: Craig Hermann

Craig Hermann — Thu, 04 Nov 2010 23:28:00 +0000

Chuck, I’m having the same issue – I cannot find what must be the last bad file/insert, security keys changed, chmodded everything, removed bad wp_options, &c.

I still have the random text (1a 6b 347 …) spread throughout the version of my pages pulled by SE bots…

did you find anything else?

By: We were hacked. GoDaddy sites with WordPress Targeted | Mark8t: SEO, SEM, E-Marketing And More

Sat, 18 Sep 2010 07:56:07 +0000

[...] want to thank the following people who made things a bit easier for us: This article by Chris outlining his recovery from a hack, the superb help by Sucuri and great support from [...]

By: Wordpress Hack Terrifies Webmasters

Wordpress Hack Terrifies Webmasters — Mon, 13 Sep 2010 22:41:09 +0000

[...] Solutions or VPS.net indicated that the attack was not web hoster specific.Fast forward to April 6. Christopher Penn discovered that his blog had been compromised. He found out that the hack on his site injected a [...]

By: Aaron Landry

Aaron Landry — Wed, 14 Jul 2010 03:49:08 +0000

Just wanted to say thanks. Same thing happened to me and it took a bit of googling to find the right solution. You lead me down the right path and I think I'm fixed up now. Cheers.

By: Aaron Landry

Aaron Landry — Wed, 14 Jul 2010 03:49:08 +0000

Just wanted to say thanks. Same thing happened to me and it took a bit of googling to find the right solution. You lead me down the right path and I think I'm fixed up now. Cheers.

By: Aaron Landry

Aaron Landry — Tue, 13 Jul 2010 20:49:08 +0000

Just wanted to say thanks. Same thing happened to me and it took a bit of googling to find the right solution. You lead me down the right path and I think I'm fixed up now. Cheers.

By: Cory

Cory — Sat, 10 Jul 2010 14:21:49 +0000

Ok, I had this issue too and it kept coming back. Every time I went into Google Webmaster Tools and did a "Fetch As Google Bot" it came up with the stupid hacked stuff still there.

Finally, I did this:

SELECT * FROM `wp_options` WHERE option_value LIKE '%pharm%'

I found another entry with a lot of other cache junk. When I deleted it, immediately it was removed from google webmaster tools "fetch as google bot". Now, it's only been a few minutes so I'll come back tomorrow and let you know if it's gone for good. Gosh I hope this is it. This has been a nightmare!

By: Cory

Cory — Sat, 10 Jul 2010 07:21:49 +0000

Ok, I had this issue too and it kept coming back. Every time I went into Google Webmaster Tools and did a "Fetch As Google Bot" it came up with the stupid hacked stuff still there.

Finally, I did this:

SELECT * FROM `csp891_options` WHERE option_value LIKE '%pharm%'

I found another entry with a lot of other cache junk. When I deleted it, immediately it was removed from google webmaster tools "fetch as google bot". Now, it's only been a few minutes so I'll come back tomorrow and let you know if it's gone for good. Gosh I hope this is it. This has been a nightmare!

By: WP Super Cache Hacked and Cloaked my Site! | Take me to your Leader!

WP Super Cache Hacked and Cloaked my Site! | Take me to your Leader! — Wed, 30 Jun 2010 03:55:41 +0000

[...] WordPress being hacked right at the same time I activated it … Some reading here, and here. Anyone running WP suffered this hack? How did you solve [...]

By: Anime

Anime — Sun, 09 May 2010 23:09:24 +0000

Holy crap.. I haven't had this happen to me, but after reading all the crap you went through, I hope it never does. Man…. I'm guessing since you're blog is still up, you got it sorted, so grats, but damn, I feel really sorry for you.