WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] [closed] hacked by hacker (36 posts)

  1. jtoronto
    Member
    Posted 1 year ago #

    stuzphotography:
    1. That's the easy answer for Hostpapa
    2. They clearly had issues that night which resulted in many many websites getting hacked all at once - across multiple accounts. My chats with their support team confirmed this to some degree. But it still could be an outdated script ... this ones a mystery since Hostpapa won't release log files or tell anyone what exactly happened.
    3. So you should push back a bit - let them know you were not the only one that night and it's crazy they don't have a backup for you.
    4. Before you delete everything make a backup of your current files and database from Cpanel / PHMySQL and FTP. Because the hack only modified a few files most of your data is intact and could be saved.
    5. The Hack Repair Guy who posted earlier in the thread could prob get you back up and running without a full account reset or getting HostPapa involved.
    6. This response from HostPapa is probably a good reason to look elsewhere for hosting at some point. I know I will be.

  2. johnnyspade
    Member
    Posted 1 year ago #

    Most hosts will give you a similar answer, especially the low costs ones. It's rare that they ever admit fault for these types of things. The fix to this particular 'hacked by hacker' exploit was already posted earlier in this thread:

    http://www.atmayogi.com/2012/11/wordpress-vulnerability-hacked-by-hacker/

    It assumes you have a backup of your theme files though.

  3. sbock3
    Member
    Posted 1 year ago #

    Thanks for all the great advice, guys. I too am quite unimpressed with how HostPapa has responded in light of all this.

    I have one last question if anybody's nice enough to help me out:

    So I cleaned out the infected index.php, index.html, and header.php files. The problem is that, stupidly and inexperencedly, I hadn't made a backup of my header.php theme file, and now I don't know whether I can get a new, restored version of that file. Generally, people are saying just re-install the theme and the file will be there, but I was using a custom theme variant of +Positive, made for me by my website's developer (who no longer responds to my emails...). I've been playing with my website's back end and still can't figure out whether re-installing this custom theme is even possible. And even if it is possible to reinstall it, because of the custom nature of the theme, will the header.php file even be the same as before it got corrupted?

    Thank you guys SO much for any insight you can offer.

    In all seriousness, if I can't restore that header.php file back to normal, I believe I will just fold the website. The time, money, and effort it will take to recreate the entire theme with a new web developer/designer is just not worth it for me. Very, very sad if this is the final outcome...

  4. esmi
    Forum Moderator
    Posted 1 year ago #

    I've been playing with my website's back end and still can't figure out whether re-installing this custom theme is even possible.

    Unless you have a new, clean, copy of the theme, don't even think about using it again.

  5. Earthwake
    Member
    Posted 1 year ago #

    I have been hacked too. My site is also with hostpapa. I'm not as Au fait with files and stuff....even the suggestions to fix this problem seem daunting for me.

    I have been holding on hostpapa online support for over an hour now.

    I have spent months and months developing my site, I use the TuturialChip theme.

    All gone !! :-(

    http://www.earthwake-network.com

  6. The Hack Repair Guy
    Member
    Posted 1 year ago #

    The solution is fairly simple.

    1. Ask host to recover your site back to last weeks backup.
    Recovery will solve the problem nearly instantly.

    2. Then once recovered make sure to change all passwords, including your email passwords, then further lock down your site (I discuss most of this on my site).

    3. If host does not have a backup to recover too, then move out as soon a possible to a more secure web host who offers daily malware scanning and weekly backups (this is your real long term solution).

    Suffice it to say, Website security = backups + security focused web host
    All of this these situations described above can be easily managed when you host through a web host who discusses security on their home page (as opposed to a blue eyed blondes grinning back at you...<hint>).

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.