WordPress Hacked – Unexpected character in input: ”’ (ASCII=39)

People have too much time on their hands to come up with such hacks

One of my site keep getting error such as “Unexpected character in input: ”’ (ASCII=39) blah blah blah …” and I was perplexed what was the cause of it. Every time I did a clean install, the error crops up again.

So I did an online search and it indicates other users having the same problem as me, have shared that their server might have been compromised, or cornficker worm is the cause.

What to look out for tell-tale signs of the hack, from my observation.

1. Your WordPress admin panel and site is inaccessible, it would display the error such as ‘Unexpected character in input: ”’ (ASCII=39) at index.php’.
2. When looking at the specific file that the error points out such as index.php, you find an offending line of code added to the PHP file. Such as an iframe linking to another site. As for me, it was a Russian .ru site that was inserted into my files.
3. All the WordPress files infected or hacked starts with “index” or “default”. The hack script probably looks out for such filenames.

To remedy this:

1. I changed my server password via CPanel
2. I replaced the infected files with new ones. To know which is infected, look at the timestamp in your FTP. A recent timestamp compared to other files timestamp (should be of older timestamp during first install) would point the file has been changed recently.
3. I changed my username and password at WordPress. I use PHPMyAdmin to changed my username manually from “admin” to something else.

I don’t know how my server and WordPress was breached, as I used a really strong and complicated password. So far after my changes, the hacked site is alright currently … for now.

Article Source

Related posts:

1. Creating Money Making Affiliate Website Using Easy Website Builder ...
2. With Your WordPress Blog Start Making Money Today ...

Related posts brought to you by Yet Another Related Posts Plugin.