WordPress.org

Ready to get started?Download WordPress

Forums

Hacked by iRaQi H4ck w7z_@hotmail.com (12 posts)

  1. DanMSchell
    Member
    Posted 1 year ago #

    My site has been hacked.
    I have restored all files from backup
    I have replaced the wordpress files with fresh ones
    I can login to my WP admin and everything seems normal except the link to the site is bogus.

    http://www.rebaxter.net

    Any help will be appreciated.
    danmschell@gmail.com

  2. Tara
    Member
    Posted 1 year ago #

  3. DanMSchell
    Member
    Posted 1 year ago #

    I have tried using the resources, but hitting dead ends.
    It appears the database password may have changed, as I am unable to change it.
    Something is preventing me from exporting my site using tools export in wp-admin
    HELP !!!

  4. bcworkz
    Member
    Posted 1 year ago #

    Go to your hosting control panel. It should have mySQL tools (often phpMyAdmin) to change DB passwords and save a copy of the DB. You can also move/copy your files about using the FTP app in cpanel or with a separate FTP client like Filezilla.

  5. DanMSchell
    Member
    Posted 1 year ago #

    Thank you, Yes I know all of this. I can see the database in cpanel, but when trying to change the password to increase security it tells me my current password is wrong. Makes me believe someone hacked it and changed it. I am quite versed in FTP and can access the FTP files no problem, and can login via wp-admin. THe export function under tools in wordpress via wp-admin fail, IE it exports junk not the real files. But all efforts to remove the hack have failed, I conclude the problem must be in the database.

  6. gregzem
    Member
    Posted 1 year ago #

    Go to http://revisium.com/aibo/, download Malicious Detector Tool and check your website. It supports several version of WordPress from 3.0 to 3.5.1. So it will bring you a list of shell scripts, malicious tools and code snippets, if any. To use just unzip archive and follow instruction from how to use.txt file.

  7. DanMSchell
    Member
    Posted 1 year ago #

    Will do but I have deleted every file on the FTP site and reloaded from a recent backup with no impact. I believe the problem is with the SQL Database.

  8. DanMSchell
    Member
    Posted 1 year ago #

    Sorry I am unable to figure out how to run server command line though ssh to execute php ai-bolit.php - I appreciate your help

  9. Tara
    Member
    Posted 1 year ago #

    have you contacted your hosting provider?

  10. DanMSchell
    Member
    Posted 1 year ago #

    I have inquired as to any problems they may have seen, and asked them to change the psw on the SQL database. I contact them to help run the ssh?

  11. Tara
    Member
    Posted 1 year ago #

    yes, see if they can help you anyway. They should. you are paying them!!

  12. gregzem
    Member
    Posted 1 year ago #

    DanMSchell, do you have ssh access to your website (server)?
    You may want to request it from hosting support team. Having ssh is quite convenient for managing website. So I'd recommend to figure this out.

    Once you get ip/login/pass you can use WinSCP5 free ftp/ssh client and Putty client to connect to server via SSH. Then upload ai-bolit.php files from archive, open a command line and run

    php ai-bolit.php

    Once report is created you need to go though all marked red. They will point you malicious or suspicious code within your wordpress. It can detect major set of hacking software with 90% probability.

    Another approach is to get full backup of your website and check it locally. If you're using Windows OS, then just install php on Windows (you can download it from windows.php.net).

    Let me know if you've got questions.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.