This is searchable archive of our old support forums, which operated from 2012 - 2016. To find out how to get support for your current theme, please visit our support page.

pharma hack

  • Creator
    Topic
  • #3292
    terra100
    Participant

    Hi Jason –

    I need you to post a patch for this theme. I have been pharma hacked. And this is what the GoDaddy rep says:
    —————–
    It seems as if the theme for your website is what was compromised, to protect our network we’ve switched the theme to wordpress’s default “twentytwelve” theme This can be set back to the “barelycorporate” & “barelycorporate-child” themes through the wordpress dashboard in the Appearances menu.

    While on the default “twentytwelve” the source code for your site was no longer throwing out advertisements for enhancement drugs.

    Best next steps:
    Contact the author of the theme to patch and remove the malware
    -or-
    Use a new theme / Look into the theme files via FTP File Manager
    ———————

    I do not want to use a new theme. Can you do a patch?

Viewing 7 replies - 1 through 7 (of 7 total)
  • Author
    Replies
  • #3294
    terra100
    Participant

    I have updated from 3.1.4 to 3.1.5 and the pharma seems to have disappeared. But I am concerned about a hack with 3.1.5. Do you know if 3.1.5 included any security features against pharma hack?

    #3319
    Jason Bobich
    Keymaster

    Hello,

    I’m just reading around about this now, but from what I understand about this, I *think* you may be misunderstanding what the GoDaddy rep is telling you, and in all fairness, what they’re telling you is quite misleading.

    First of all, for this pharma hack to be possible, the malware files need to be located somewhere in one of your plugins or your theme. Trust me when I tell you that there is absolutely no chance that I have delivered a theme to you that contains these files within it. That would just not be possible. I develop a theme on my local network, I’m on top of every every file in it, and I submit this all ZIP’d up to ThemeForest, which is what you purchase and download.

    What GoDaddy is telling you is that the barely-corporate theme on your server contained these malware files. How did they get there? — That would be the question. The most logical assumption is that someone has compromised the GoDaddy servers (which happens often, especially with cheaper shared plans where hackers can target many customers at once) and injected files that way into your active theme. And most likely you’re not the only one of their customers that this has happened to, but of course, they’re not going to word it like this.

    I have updated from 3.1.4 to 3.1.5 and the pharma seems to have disappeared. But I am concerned about a hack with 3.1.5. Do you know if 3.1.5 included any security features against pharma hack?

    I honestly have never heard of this pharma hack until your topic here, so I can assure you I haven’t done anything to the theme in this regard 😉 — You updated the theme to the latest version, essentially starting over with a fresh copy on your GoDaddy hosting account, and now the malware files are gone.

    #3322
    terra100
    Participant

    The pharma was not there in the beginning, so it is something that has happened in the past month – not originally there from the download, like you say.

    I’ll let you know if it happens again. Thanks!

    #3416
    nigel lew
    Member

    I would suggest using this http://wordpress.org/extend/plugins/bulletproof-security/ It helps to frankly eliminate that drive-by sorta stuff and, Godaddy is in fact nuts.

    Nigel

    #6652
    terra100
    Participant

    I’ve been hacked again. And this time there is no update to the theme. So, I don’t know how to remove the code or get it off my site. Do you know where in WordPress I would have access to the site files so that I can figure out what to do next?

    #6659
    terra100
    Participant

    Update: I ran a scan at http://sitecheck.sucuri.net and know the exact pages and code that I have to remove. So, it’s just a matter of going into my file manager or the (WordPress database?) to remove the code. Any quick advice on how to find the pages within WordPress would be helpful. Thanks!

    #6671
    terra100
    Participant

    Update 2: Well, the pharma hack was mostly in the parent theme. I went into “/public_html/wordpress/wp-content/themes/” in my FTP file manager and into the header.php and edited out the pharma code with a simple delete. Then, for good measure, I went into the SQL database and searched for some of the pharma keywords. In two files I found them. I don’t know much about this type of coding, so I did what I could … and we’ll see if it returns. Meanwhile, I do have Bulletproof Security plugin now, as well as WordPress Wordfence plugin which is also a security plugin. GoDaddy’s Web Protection didn’t even find existing malware on the site (before I deleted it, so that was a waste of money).

Viewing 7 replies - 1 through 7 (of 7 total)
  • The forum ‘Barely Corporate Responsive WordPress Theme’ is closed to new topics and replies.