Posted 4 months ago #
hi
i got hacked in a decent way.
everything seems to be ok, but when i visit my domain/.php i get so defaced site
see here: http://www.aidboard.com/.php
any idea how they did that and how can i remove it and prevent it from happening again?
thanks
conte
Posted 4 months ago #
Read this carefully and act accordingly.
http://codex.wordpress.org/FAQ_My_site_was_hacked
When you're all done (yes, it's going to be a pain), read this:
http://codex.wordpress.org/Hardening_WordPress
[edit] Holy Shmoley. Googling this Dr. CruZz gives hundreds of hacked websites.
Posted 4 months ago #
hi
thanks for the reply. but has no one else ever had this problem?
thanks
conte
Posted 4 months ago #
Fix affected content but first change your email and password. I would also change your db password (make sure to then update wp-config.php) and make sure all files on your site are set to proper permissions. If using any old plugins check for known security issues. Additionally, change login info on your webhost/server.
You may be able to have your host restore your site to an earlier time prior to the issue including your db.
As Roy noted, Dr. CruZz is apparently defacing sites which means he/she is accessing people's login information, most presumably by reviewing breached data from other sites that has been published in hacker forums etc. and then the whois registry. To prevent this, never use the same email address used for WP login as you do on other websites for login etc., always use differnent strong passwords for all sites, then lock down your whois information.
Securi does not show your site as infected as of today, of course that does not mean some unknown threat has not been included...
I'd also suggest that you use SFTP as many hackers are now sniffing unencrypted FTP communications and gaining access to servers via FTP.
Posted 4 months ago #
Hi.
I had the same problem. To solve it, do the following:
Delete any ".php" files.
Go to your theme folder and open the index.php file on that location. The top lines should have been "hacked". If possible replace the file with a backup, otherwise delete those lines at the top (keep a backup, just in case).
You must log in to post.
