Some Help Please - very very bizarre - GoFuckYourself.com

lakerslive · 05-04-2014, 01:53 AM

i run a wordpress site..and it has ways to sort videos

most views | random | most likes

however, the urls of the words above keep changing to

domain.com/page/3/?action=%7B%24%7Beval%28%24_REQUEST%5Ba%5D%29%7D%7 D&a=ob_clean%28%29%3Beval%28stripslashes%28%24_REQ UEST%5Be%5D%29%29%3Bexit%3B&e=phpinfo%28%29%3B&ord erby=rand&order=asc

from domain.com/page/3/

DOES ANYONE HAVE A CLUE???????

which file do i need to change?

ive been trying to track the source of where it originates from. (i installed fresh copy of wordpress too) and something keeps changing my url. Please help.

thankssssss

lucas131 · 05-04-2014, 02:10 AM

ask your host?

L-Pink · 05-04-2014, 08:13 AM

Bump …...

armysmoke · 05-04-2014, 08:28 AM

Does the weird links redirect you to a different site?

Maybe you were hacked.

Fat Panda · 05-04-2014, 08:41 AM

omg your wp install is fucked

brassmonkey · 05-04-2014, 08:59 AM

disable your plugins see if it go's away. free theme? check functions.php of the theme

lakerslive · 05-04-2014, 12:08 PM

Quote:

Originally Posted by L-Pink

Bump ?...

just found out its called the "eval(base64_decode" hack

brassmonkey · 05-04-2014, 12:17 PM

Quote:

Originally Posted by lakerslive

just found out its called the "eval(base64_decode" hack

free wp tube theme?

MediaGuy · 05-04-2014, 12:41 PM

Yeah this happened to me before... you were hacked. You have to change your wordpress password, your FTP password, and get the host to run a virus software.

Then, clear your FTP client's xml/cache of passwords. You'll have to re-enter them as you log in to your sites again. The exploit actually jumps in on the client's FTP access attempt as you do an upload. Lots of wordpress sites compromised this way, according to a GoDaddy tech support guy I talked with once...

Good luck!

:D

lakerslive · 05-04-2014, 01:44 PM

Quote:

Originally Posted by MediaGuy

Yeah this happened to me before... you were hacked. You have to change your wordpress password, your FTP password, and get the host to run a virus software.

Then, clear your FTP client's xml/cache of passwords. You'll have to re-enter them as you log in to your sites again. The exploit actually jumps in on the client's FTP access attempt as you do an upload. Lots of wordpress sites compromised this way, according to a GoDaddy tech support guy I talked with once...

Good luck!

:D

so this stopped it? thanks

MediaGuy · 05-04-2014, 02:24 PM

Quote:

Originally Posted by lakerslive

so this stopped it? thanks

Well getting the host to run a program that erased the hash/hack stopped it, and changing passwords and all that prevented it from happening again...

:D

lakerslive · 05-07-2014, 12:35 AM

I found where the bug was after 3 months... it was in ULTIMATE SEO PLUGIN!!!

rapidworkers · 05-09-2014, 10:51 PM

You were hacked.

05-04-2014, 01:53 AM	#1
lakerslive Confirmed User Industry Role: Join Date: Aug 2012 Posts: 929	Some Help Please - very very bizarre i run a wordpress site..and it has ways to sort videos most views \| random \| most likes however, the urls of the words above keep changing to domain.com/page/3/?action=%7B%24%7Beval%28%24_REQUEST%5Ba%5D%29%7D%7 D&a=ob_clean%28%29%3Beval%28stripslashes%28%24_REQ UEST%5Be%5D%29%29%3Bexit%3B&e=phpinfo%28%29%3B&ord erby=rand&order=asc from domain.com/page/3/ DOES ANYONE HAVE A CLUE??????? which file do i need to change? ive been trying to track the source of where it originates from. (i installed fresh copy of wordpress too) and something keeps changing my url. Please help. thankssssss

05-04-2014, 08:59 AM	#6
brassmonkey Pay It Forward Industry Role: Join Date: Sep 2005 Location: Yo Mama House Posts: 77,061	disable your plugins see if it go's away. free theme? check functions.php of the theme __________________ TRUMP 2025 KEKAW!!! - The Laken Riley Act Is Law! DACA ENDED - SUPPORT AZ HCR 2060 52R - email: brassballz-at-techie.com Last edited by brassmonkey; 05-04-2014 at 09:00 AM..

05-04-2014, 12:41 PM	#9
MediaGuy Confirmed User Industry Role: Join Date: Sep 2004 Location: Montrealquebecanada Posts: 5,500	Yeah this happened to me before... you were hacked. You have to change your wordpress password, your FTP password, and get the host to run a virus software. Then, clear your FTP client's xml/cache of passwords. You'll have to re-enter them as you log in to your sites again. The exploit actually jumps in on the client's FTP access attempt as you do an upload. Lots of wordpress sites compromised this way, according to a GoDaddy tech support guy I talked with once... Good luck! :D __________________ YOU Are Industry News! Press Releases: pr[at]payoutmag.com Facebook: Payout Magazine! Facebook: MIKEB! ICQ: 248843947 Skype: Mediaguy1

05-04-2014, 02:10 AM	#2
lucas131 ¯\_(ツ)_/¯ Industry Role: Join Date: Aug 2004 Posts: 11,475	ask your host?

05-04-2014, 08:13 AM	#3
L-Pink working on my tan Industry Role: Join Date: Mar 2005 Location: Florida/Kentucky Posts: 39,151	Bump …...

05-04-2014, 08:28 AM	#4
armysmoke Confirmed User Industry Role: Join Date: Oct 2013 Posts: 2,605	Does the weird links redirect you to a different site? Maybe you were hacked.

05-04-2014, 08:41 AM	#5
Fat Panda Porn is Dead. Move along. Industry Role: Join Date: Aug 2006 Posts: 13,295	omg your wp install is fucked

05-07-2014, 12:35 AM	#12
lakerslive Confirmed User Industry Role: Join Date: Aug 2012 Posts: 929	I found where the bug was after 3 months... it was in ULTIMATE SEO PLUGIN!!!

05-09-2014, 10:51 PM	#13
rapidworkers Confirmed User Industry Role: Join Date: Aug 2013 Posts: 288	You were hacked.