Today, while doing a routine check of my clients’ websites, I noticed a message along the line of “Fsockopen unable to connect.” To be exact, the full message was…
Warning: fsockopen() [function.fsockopen]: unable to connect to win.erdownloads.com:80 (Network is unreachable) in /var/www/re/clientsite.com/public_html/index.php on line 20
This message was displayed above the header at the top of the website.
What this meant was that the webpage was trying to pull data from a site, win.erdownloads.com, but was unable to establish a connection. My first thought was, why on earth would WordPress’ main index page try to get data from erdownloads.com?
Something smelled a little fishy!
I downloaded and opened index.php and there, just below the call to open the header, was a bunch of extra code inserted. To be sure that the code didn’t belong there, I compared this index.php file to an index.php file from another of my websites (that did not display the message ‘fsockopen unable to connect‘).
It was confirmed! Yes, this code didn’t belong there and it looks like the site had been hacked!
The simple solution was to simply remove all that code, but the problem is that these hacks usually involve more than one file.
I needed to find a tool that could scan my whole WordPress installation and look for any files that may have been compromised.
Enter the excellent Wordfence Security plugin for WordPress!
I started a scan, and within minutes, Wordfence found two files that had been compromised. It gave me the option of instantly restoring the original files. A few seconds later, the website was fixed.
I left Wordfence installed because it does periodic scans of the website and will email me if it finds any problems. This gives me the peace of mind that I can quickly respond to any problems with my clients’ websites.
My advice to you is that if you see a message on your site that says, ‘fsockopen unable to connect’, don’t ignore it. Your site may be hacked. If the hack is designed to hurt visitors to your site, like con them into installing fake anti-virus software, the search engines will penalize you!
To the people who hacked my client’s site, please go find something useful to do with your time!