My blog was hacked and removed from my server. Is there any way it can be recovered?
My blog was hacked and removed from my server. Is there any way it can be recovered?
Ask your host for a LOT of explanations.
Push them hard for details.
Who IS this unhelpful host?
it is midphase, and I've used them for 3 years, and never had a bit of trouble until now. I honestly don't know enough to know if this is the host's fault. Is it?
Here is what they said when asked if a restore could be done:
"Yes, we have backup of your account from our backup file. It was created on 3rd
of Jun., but you need to pay $30/one time fee. We don't provide our backups for
The hacking - maybe not.
If they have removed the site - yes unless they can at least render it safe. They should be telling you precisely why they did it, precisely why they think it's your fault (I bet they say it's a wordpress problem) and what needs to be done to get it all working.
Thanks- I wrote them back and will see what they say.
I have several other things on my site which are much more important than my blogs, and I need to know how to make sure this doesn't happen again.
i do not agree with having to pay to get your site back .. since it was not your fault ..
but, in the short, $30 is worth it provided they can offer a solution as to how this will not happen again ...
I am admittedly clueless about security- can you make a guess at what went wrong for me? I pretty much assumed it was my fault.
$30 for a backup installed for a long term client? Something ain't right there.
Only your host can tell you what went wrong. They should have logs that will show how your site was hacked. If they have any idea at all about what they are talking about, they should be able to prove that the hacking was due to a vulnerability in something you have installed. If they can't substantiate that claim, they are asking you to pay them to restore data that has been lost for reasons that should have been under their control.
You may need to pay up to get your data back, but given their attitude, you should move to a more helpful host as soon as you can.
What version of WP were you running, btw?
 Possibly, but not necessarily WordPress
Here is what they said in reply:
Probably you blog has some hole. The intruder used that hole to hack your blog.
That is why we always advise to update all scritps from time to time and update
all life critical server side software. If you want to know why your blog was
hacked exactly, then I advise you to check your access_logs.
I will go check my logs.
I was running version 2.0.2, I believe.
I should add that WordPress is a host offered product. The install is all done through their interface. So I did not alter anything to use WordPress.
Usually hackers sign their exploits. They do it for "fun" and are proud of that. They are not targetting yourself.
If not, your site may have been hacked by spammers, they do it for money and don't care about "fame". So, your host decided to erase everything to stop the problem.
In any case, your host has to explain itself in details. What cause this, what program is flawed, is it WordPress, one of its plug-in, another script. They have to be specific so developpers may repair the security hole quickly (or maybe it is already done, but you did not upgrade your software since).
In conclusion, do not accept vague conclusions. Pointing WordPress fault and say nothing else is too easy. Your host have the knowledge to say exactly what went wrong, when, and what to do.
Oh, I may have misspoken. The host did not remove the files, but they appear to be missing, if that makes sense. I assumed the hackers removed them. I can't get into my admin functions in wordpress. My other blog still works fine.
The hackers did sign the page.
I wrote my host back and asked for further explanation. I appreciate all the help.
Alexis, unsuseful software only doesn't have holes. That is why Fantastico
updates their "kernel" scripts and then allows to update the
installed scripts. In any case the intruder used some hole of your website,
becasue your website only was hacked. No one else has the similar problem.
Anyway, you asked me to explain why you website was hacked, I did supposition,
additionally I advised you to check your log files if you want to know how your
website was hacked.
So, that's your problem, not theirs. Find the reason yourself, they will not help you because they are not concerned about the security of their servers ????
Maybe it is their fault?
Imagine your house was robbed, and their is no sign of forced entry. You asked the police, how did they do, what should you do to increase your security? And the police said: it's your problem, we will not help you.
It is the same situation here.
I don't even know how to check the stupid log files. :(
Could it be they just messed up your files but didn't hit your database? A hacker once hit a website I work on and replaced all the index pages with his own delightful work. However, nothing under the surface was hit. You noted all your files were taken off, not that the blog itself was all out of whack. Unless I missed something.
Everything really important is in the database, so if you re-install you might find nothing has changed.
Didn't see this more hopeful solution mentioned thus far and so I thought I would throw it out there.
I cannot access my admin page. the file appears to be there when I look in FTP, but my dashboard appears to be MIA.
All I can get out of midphase is that it's a wordpress hole. Very frustrated.
Do you have access to your database? Do you have the password and username for that so you can try doing a new install of wordpress with all that info?
When I got hacked it turned out the hacker cracked the main password and mucked around, but he didn't get deeper and so all the database stuff was perfectly fine. It was all cosmetic. Because WordPress keeps most everything in the database it may have weathered this attack better than you realize. I had to clean up the mess but all the core data was preserved.
or maybe not a new install. I'm a bit of an amateur at this, so maybe someone else could better say how to put up all new files that connect to an existing database. Is that the upgrade path?
Yes, I have access to the database, but wouldn't a new install overwrite anything that was still left?
I am still arguing with my host over payment of the $30. They say it is my fault because even though they provide WordPress through their server, it is my responsibility to update the software at least every 2 weeks, and that is why I was unprotected from whatever hole the hackers used.
I personally think that's crap, but what do I know.
"because even though they provide WordPress through their server, it is my responsibility to update the software at least every 2 weeks"
the software doesn't HAVE an update every 2 weeks. and you might want to ask where in the hosting contract that it states that it's your responsibility to do any updating.
short of this, to save yourself the headache, choke down the $30 to get the site back up and running first, then get another hosting company (preferably one that others have heard of - these fly by nights like yours are nothing but trouble, i don't care how "affordable" they appear), change your nameservers, and move on. rule of thumb - if it looks like the company's using a pre-made template for their site, it's probably some theif trying (and failing) to make some money. for all you know, they hired someone to do this so that they could grab your $30.
I do intend to move hosts as soon as I get my data back and running correctly. I am in no way defending my hosts, because I'm pretty pissed off at them, but I wouldn't say they are fly by night. I've had service with them for 3 years without a bit of trouble until now. This particular trouble is bad enough that I'm done with them, but I feel like I need to defend myself by saying that I really wasn't trying to cheap out or take the easy way or anything.
I still can't get an answer out of them as to what "hole" was exploited or how to avoid this in the future other than "update every 2 weeks," which like I said, I think is crap. I wish they could tell me where the problem occured so I can ensure it doesn't happen again.
I have my logs but have no idea how to read them.
Nor can I get a satisfactory answer as to why I need to pay for a restore.
Please don't think I was trying to offend you in any way - I didn't mean to sound like I thought you were being cheap or anything... not at all. (Hell, everyone likes a good deal, right?) I was just stating that you really never know what's behind a company that isn't really well known is all. I mean, for all you know, the person who started the company 3 years ago was honest and reliable, but then he sold it off to someone less honest or reliable. Just spitting out scenarios is all, did in no way mean to offend you! Sorry if it came out that way.
I think it's extremely shady that they won't help you read your logs, and that they want to charge you the equivalent of over 4 months of hosting in order to bring back a site that you did nothing to destroy. And the only reason I suggested you just pay and go is because it doesn't appear that they're going to be of any help, and if you try to move hosts now, your site will no doubtedly be lost completely.
oooooh now I must apologize because I was NOT offended and I'm sorry if I sounded like I was!!! But I think that if I HAD chosen a server with no history and this happened, I would be somewhat more responsible than I feel I am. I hope that makes sense.
I'm still trying to convince them to do the restore for free, if they won't budge by tonight, I'll just pay the $30 and be done.
I pay by the year with them and have no idea if I have a contract. Somehow, I suspect that I do and I'll have to pay to get out of it. :(
Copy this to them if you wish:
"If your host genuinely believes that WordPress has a vulnerability that they have discovered they owe it to the wider community to submit that information - without delay - to email@example.com. Until then, it's entirely their problem."
and if it IS a WP problem - why is it on THEIR fantastico?
On a sidenote, people do ask here about good hosts.
A host that holds data for ransom will get negative publicity. Very much so.
Thank you!!! Here is what I sent them:
"If you genuinely believe that WordPress has a vulnerability that allows this type of thing to happen, you owe it to the wider community to submit that information - without delay - to firstname.lastname@example.org. Until then, I really don't see how you can blame WordPress or myself for this problem and I again ask for you to restore my data immediately at no cost to myself."
Also, can anyone recommend a different host that I could check out? I use my host for 2 blogs, a large website, and storage for all of my pictures and videos.
Thanks for all of the very helpful assistance through this problem.
Dataflame is good. Note: that's my affiliate link right there, so I get paid if you sign up. But I wouldn't recommend them if I didn't trust them. Personally, I regard them as rock solid hosting, it's fast, reliable and the tech support is good. Obviously, you need to make up your own mind, bit I've certainly never had any problems with them.
They also let you make your own backups of the database, and it's free ;)
This topic has been closed to new replies.