WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Has my blog been hijacked. (20 posts)

  1. gatorgse
    Member
    Posted 5 years ago #

    On Nov 25 I added two ads to my site that were recommended as traffic boosters. That is the only changes I made. Since that time, my traffic has dropped by 75%, and has almost the exact number of hits for the last 4 days. This is my .htaccess file. Does this look normal?

    '# BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress'

    I obviously am not well versed on these.

    Thanks

  2. mrkingid
    Member
    Posted 5 years ago #

    the file is fine.

  3. buddha trance
    Member
    Posted 5 years ago #

    Your .htaccess file looks normal.

    Did you consider the drop in traffic could be due to Thanksgiving weekend... though 75% seems a lot.

    Delete the ads immediately, to see if this makes a difference.

  4. gatorgse
    Member
    Posted 5 years ago #

    i deleted the ads, now looking at other hack posts for issues

  5. Bob Smith
    Member
    Posted 5 years ago #

    the hack was launched before thanksgiving to make people think their traffic drop was due to the holidays.

    type your site into google. click it through google. does it redirect? it will work fine if you type it into your browser.

    then do everything in these links:

    http://www.getrichslowly.org/blog/20...sultsnet-hack/

    http://it.youtube.com/watch?v=Obqa6jDV-WQ

    http://ocaoimh.ie/2008/06/08/did-you...te-get-hacked/

    and follow the steps in this thread too:

    http://wordpress.org/support/topic/168964?replies=45

    clean up your wp-blog-header.php, wp-info.txt, any files with odd extensions, an invisible user "wordpress" might have been created so check your database.

  6. Bob Smith
    Member
    Posted 5 years ago #

    also upgrade wp, change your passwords etc. file permissions may have been changed also.

    look at the rank for the site they are redirecting to.

    http://www.alexa.com/data/details/traffic_details/sattan.org

    my estimate hundreds of thousands of blogs have been hit.

  7. gatorgse
    Member
    Posted 5 years ago #

    Bob, thanks for the tips. Hate to be slow, but how do i tell if it redirects? The site is 'http://www.yourcruiseyourway.com'

  8. buddha trance
    Member
    Posted 5 years ago #

    @gatorgse

    Bob mentions it in his reply "type your site into google. click it through google. does it redirect? it will work fine if you type it into your browser."

  9. gatorgse
    Member
    Posted 5 years ago #

    Buddha, thanks. I did that but it moves through kind of quick, and I'm not really sure what I'm looking at. Sorry to be a dunce :)

  10. gatorgse
    Member
    Posted 5 years ago #

    all I see after yourcruiseyourway dowen the bottom is a google syndication thing which I have google ads on the site. I think that's what that is ofr

  11. Bob Smith
    Member
    Posted 5 years ago #

    actually it doesn't look like it's redirecting right now. but it appears some other sites that i knew were affected aren't either ...?

    just to be sure also upgrade wp, change your passwords, clean up your wp-blog-header.php, delete wp-info.txt and any files with odd extensions, an invisible user "wordpress" might have been created so check your database.

  12. Bob Smith
    Member
    Posted 5 years ago #

    is all your traffic search traffic? you might have just simply lost some rankings.

  13. buddha trance
    Member
    Posted 5 years ago #

    @gatorgse

    I just checked clicking on your site through Google and it doesn't redirect to any other site. So you are fine in that respect.

    I would still read the links and follow the steps that Bob gave you above, just to be sure.

  14. gatorgse
    Member
    Posted 5 years ago #

    Thanks Buddha. I think I may try the old database trick. Two of the three links above go to 404 pages. Thanks again for your assistance. It is MUCH appreciated

  15. gatorgse
    Member
    Posted 5 years ago #

    Well, being a novice I have decided to pay GoDaddy $150 to restore me back to 11/23 which is 2 days before the dropoff in traffic. Hopefully that will do it. What a gut wrenching feeling when some a**hole comes along and steals a year's worth of hrad worth for a few bucks. This serts me back 20 years in my progress of getting along with folks from around the world. Sad state (: Thanks to all who helped in this forum :)

  16. whooami
    Member
    Posted 5 years ago #

    ultimately, that falls on you.

    heres the deal:

    http://74.125.95.132/search?q=cache:h43lkkG3b1EJ:www.yourcruiseyourway.com/resources/state-attorney-general-offices/+www.yourcruiseyourway.com&hl=en&ct=clnk&cd=2&gl=us

    thats a cached page from the 21st.

    and unless you did the snoopy fix without bumping your version.php you were one version behind right there.

    Keep up with upgrades. Its the best defense you have.

  17. buddha trance
    Member
    Posted 5 years ago #

    Is GoDaddy restoring your database only, or all the files too?

    You need to make sure the files on your server are clean as well.

    Follow the steps that Bob mentions:

    just to be sure also upgrade wp, change your passwords, clean up your wp-blog-header.php, delete wp-info.txt and any files with odd extensions, an invisible user "wordpress" might have been created so check your database.

    file permissions may have been changed also.

    It's better to go through all the steps, and have peace of mind.

  18. admin95
    Member
    Posted 5 years ago #

    GoDaddy charges $150 for a file restore? That is incredible to me. I can just call my host up any time and ask for one, but I make nightly back ups to avoid having to. Perhaps you should look into another host.

  19. gatorgse
    Member
    Posted 5 years ago #

    whooami, I'm not sure I understood all you said, but should I go back to the 20th for the restore, or get rid of that file. If so, how would i eliminate it?

  20. gatorgse
    Member
    Posted 5 years ago #

    Called GoDaddy today to take the restore back to the 20th,because traffic is still off, and it turns out they only went back to the 30th (LOL) Now they will go back to the 20th. I have checked the places everyone recommended and see none of those files or users. Thanks again to everyone. And what did whooami mean by doing the snoopy fix?

Topic Closed

This topic has been closed to new replies.

About this Topic