Weird things happens. Mostly in WordPress. One morning you see that your permalinks became a something like this:
Or your feed crapped like this:
error on line 22 at column 71: xmlParseEntityRef: no name wordpress
Do not panic – you’re hacked. And there is three steps to get rid of it.
1) Restore your permalinks
Go to Admin panel -> Settings -> Permalinks.
Set your permalink structure to whatever it was earlier. If you don’t even imagine what it was – you can always ask google for it – just like this: site:yourblogurl.com – and you’ll see the answer in the links to your site.
2) Kill the intruder(s)
Go to your preferred mysql administration tool (say, MySqlAdmin) and run this code in the SQL window:
SELECT * FROM `wp_usermeta` WHERE `meta_value` LIKE '%script%'
You’ll see the list of records, write down user_ids of those guys.
Go to Admin panel -> Users -> Authors & Users, copy the edit link for any user, it’ll be somethings like:
Then paste it into address line, and change user_id=XX to the first user_id you wrote. Go.
Replace First name with whatever you want (for example “z”), insert “email@example.com” into Email field (or whatever, but remember it, you’ll need it later) and set the Role into Subscriber. Push Update user. Then repeat with the next one in your user_ids list. After you finished – just type in into the search line word “motherfncker” (or whatever you set emails to). Now – just delete bastards!
3) Defend the base
Just upgrade your wordpress. If you will do it periodically – there will be no such problems at all!
If you do not have ability to use some SQL tool – you can try to blind find bastards:
Go to Admin panel -> Users -> Authors & Users
Note the number of Admin users (right under “Users” header). One of them is you, all others – bastard ones 🙂
Try to find max. user_id in the list by hovering your mouse over links. Then copy the edit link of the user with topmost ID, insert it into address line, change it to next number and go. Did not work? Try the next number. Or previous one. You can even loop through all IDs not in use. And when you’ll find him – you know what to do!
Second step – it’s use of Simple Trackback Validation plugin by Michael Woehrer.
Many spam messages is come through trackbacks.
This plugin eliminates spam trackbacks by:
Plug has options page. Everything seems pretty good – and again – wait for more info.
I’ve been thinking of getting post done (about smart MySQL sorting techniques), but when I logged on….
A bunch of spam comments – about meds, about autos, about porn (of course) and all the bloody stuff around this bloody world…
So – I proclaim the War Against SPam (WASP).
The first step in WASP strategy – it’s a set of plugins. I’ll try some, and you’ll be informed about the hostilities.
First in the line will be Math Comment Spam Protection Plugin by Michael Woehrer. You can see its output under the comment form. Also I use the aggressive digits naming – like thr33 or f1ve