My WordPress blog got hacked recently. I still haven’t got to the root vulnerability, but I suspect I’ve only got myself to blame for not upgrading to the latest version. There are plenty of articles on how to recover from this situation, but one of the things I found myself having to do is locate some offending code within the WordPress .php files which injected an IFrame with a malicious target into my blog pages.
Once I had grabbed a backup copy of my site files, I started tinkering around with Windows Search to get it to index inside .php file contents, but realised some simple PowerShell script was probably the quicker solution:
Select-String -Path "C:\path-to-my-wordpress-files\*.php" -Pattern iframe
This one-liner gave me a list of all PHP files containing an IFrame, but the pattern could easily be adapted to be more specific. PowerShell can be such a lifesaver at times.
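One way to make the pattern more specific, as an added example that is not code from the original post: it walks the backup recursively, extracts each iframe's src, and flags tags that carry hiding attributes. The function name Find-Iframe and the sample files, paths and hosts are constructed for illustration.

```powershell
# Constructed sample tree standing in for a site backup (hypothetical paths and hosts).
$root  = Join-Path ([IO.Path]::GetTempPath()) 'wp-scan-demo'
$theme = Join-Path $root 'wp-content\themes\demo'
New-Item -ItemType Directory -Force -Path $theme | Out-Null
Set-Content (Join-Path $root 'index.php') '<?php require "wp-blog-header.php"; ?>'
Set-Content (Join-Path $theme 'footer.php') @'
<?php wp_footer(); ?>
<iframe src="http://injected.example/x" width="0" height="0" style="display:none"></iframe>
'@
Set-Content (Join-Path $theme 'video.php') '<iframe src="https://player.example/embed/1" width="560" height="315"></iframe>'

function Find-Iframe {
    param([Parameter(Mandatory)][string]$Path)

    # An iframe tag with a src attribute; Select-String is case-insensitive by default.
    $tag = '<iframe\b[^>]*\bsrc\s*=\s*["'']?(?<src>[^"''\s>]+)'
    # Heuristic, tested against the whole line: zero or one pixel size, or CSS hiding.
    $hidden = '\b(width|height)\s*=\s*["'']?[01](px)?\b|display\s*:\s*none|visibility\s*:\s*hidden'

    Get-ChildItem -Path $Path -Recurse -File -Filter *.php |
        Select-String -Pattern $tag -AllMatches |
        ForEach-Object {
            $hit = $_
            foreach ($m in $hit.Matches) {
                [pscustomobject]@{
                    Hidden   = [bool]($hit.Line -match $hidden)
                    Src      = $m.Groups['src'].Value
                    Line     = $hit.LineNumber
                    Modified = (Get-Item -LiteralPath $hit.Path).LastWriteTime
                    File     = $hit.Path
                }
            }
        }
}

# Hidden iframes first; the Modified column helps date the change to each file.
Find-Iframe -Path $root | Sort-Object Hidden -Descending | Format-Table -AutoSize
```

A match on literal text only finds iframes written in the clear; a tag assembled at runtime from encoded strings will not show up in this search.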
Don’t believe the blurb, it took me hours. In fairness, I think the two issues that slowed me down were down to hosting it on a Windows box.
Firstly I encountered “specified CGI application misbehaved by not returning a complete set of http headers”. I eventually found my answer via this post on the WordPress forums. It turns out that there’s a database access .php script (/wp-includes/wp-db.php) which needs to be replaced in version 2.3.3 if you’re running on a Windows server, although I notice the page mentioned in the forum is now unavailable so I’ve attached the .php file in case anyone else needs it.
The second error I encountered was something familiar to me as a more general IIS exception, namely “This virtual directory does not allow contents to be listed” when viewing the root directory of the site. In other words, IIS has been through its list of ‘default’ pages and hasn’t found a match in its configured list. Adding index.php to the list brought things to life instantly.
I have to say I’m very impressed now that everything’s up and running. I made the choice to use this particular engine because the feedback I’d read seemed to be mostly positive, and I can see why. The content management UI is slick, and I haven’t even scratched the surface of what it’s capable of.