[resolved] How to clean hacked WP (7 posts)

  1. po5i
    Member
    Posted 2 months ago #

    Hello, my site is http://www.kendoguayas.com, it recently got hacked (I think it was because of FTP), so they changed a lot of index.php files and others.

    I think I cleaned all of them, I always did it the same way and at the end I could finally navigate my site, but now I can't.

    After the Google/Firefox advice, I got a website without CSS, and when I tried to load the CSS manually or click any link I got redirected to a malware site, windowsprotection-5.com.

    I can't find where this redirection is.

    Has anyone gone through this before?

    Thanks

  2. iridiax
    Member
    Posted 2 months ago #

    If you have an .htaccess file, check it for any weird redirects. Also see:

    http://codex.wordpress.org/FAQ_My_site_was_hacked

    The hacked files could be anywhere on your site, not just in WordPress. Databases can also be compromised. Also check your home computer.

  3. po5i
    Member
    Posted 2 months ago #

    Just checked all that... I even replaced a functional 2.8 site (without wp-content) with the default template and I still can't display the /wp-admin login correctly.

    When I look in Firebug at the CSS in the head, it says that the CSS couldn't load.

    I also looked in the database and removed iframes, but I still have the problem.

    I don't know what to do...

  4. po5i
    Member
    Posted 2 months ago #

    I even renamed the directory, created one with the same name and uploaded a new WordPress pointing to an empty database... the installation goes without loading the CSS.

    I'm officially worried...

  5. UseShots
    Member
    Posted 2 months ago #

    Hi,

    Unfortunately your site is still hacked. It redirects search engine traffic to "bad" sites.

    Here you can see the redirects
    http://www.UnmaskParasites.com/security-report/?page=www.kendoguayas.com

    It happens when hackers modify your .htaccess file.

    You should remove malicious redirect rules from your .htaccess file.
    Your FTP credentials have been stolen. So scan your computer for malware.
    Then change site passwords and refrain from saving them in your FTP programs (of course if you don't want reinfection).
    Finally, request a malware review via Google's Webmaster Tools. Your site is currently blacklisted by Google and web browsers like Firefox, Safari and Google Chrome.
    http://www.google.com/safebrowsing/diagnostic?site=www.kendoguayas.com

    P.S. Upgrade Adobe Acrobat, Flash and Java on your computer - older versions are vulnerable.

  6. whooami
    Member
    Posted 2 months ago #

    I don't know what to do...

    Do it again.

    http://wordpress.org/support/topic/267398?replies=8

  7. po5i
    Member
    Posted 2 months ago #

    Thanks!! It was a .htaccess in the root folder of my hosting...

    I also changed the FTP password and applied chmod 444 to my scripts.
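
The culprit in this thread was a .htaccess above the WordPress directory that redirected search-engine traffic. As an added example (not posted by anyone in the thread), this Python script walks a hosting root and flags every RewriteRule that redirects to another host, noting whether it is conditional on the referrer or user agent; the function names, the sample rules and `malicious.example` are constructed for illustration.

```python
import os
import re
from urllib.parse import urlparse

SUSPECT_VARS = ("HTTP_REFERER", "HTTP_USER_AGENT")  # assumed: variables such redirects key on

def audit_htaccess(text, own_hosts=()):
    """Return (line_no, target, reason) for each rewrite rule that sends visitors off-site."""
    findings, conds = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split()  # naive split: quoted arguments with spaces are not handled
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "rewritecond" and len(parts) >= 3:
            conds.append(parts[1])  # TestString, e.g. %{HTTP_REFERER}
        elif directive == "rewriterule" and len(parts) >= 3:
            host = urlparse(parts[2]).hostname if re.match(r"https?://", parts[2], re.I) else None
            # A host like %{HTTP_HOST} is a server variable, i.e. still this site.
            if host and not host.startswith("%{") and host not in own_hosts:
                keyed = sorted({v for c in conds for v in SUSPECT_VARS if v in c.upper()})
                reason = "conditional on " + ", ".join(keyed) if keyed else "unconditional"
                findings.append((no, parts[2], reason))
            conds = []  # RewriteCond lines apply only to the next RewriteRule
    return findings

def scan_tree(root, own_hosts=()):
    """Audit every .htaccess under root, including ones outside the WordPress directory."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = audit_htaccess(fh.read(), own_hosts)
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report

# Constructed sample: an injected referrer-keyed redirect followed by stock WordPress rules.
SAMPLE = """\
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [NC]
RewriteRule ^(.*)$ http://malicious.example/in.php [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
"""

if __name__ == "__main__":
    print(audit_htaccess(SAMPLE))
```

Run `scan_tree` on the top directory of the hosting account rather than on the WordPress folder, and pass the site's own hostnames (lowercase) in `own_hosts` so legitimate canonical-host redirects are not reported.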
