WordPress.org


[resolved] Have I been hacked, or..? (17 posts)

  1. frau_dietz
    Member
    Posted 2 years ago #

    I'm completely confused: I am posting links to a blogpost on my Facebook page and, though I can visit my blog without difficulty by copy/pasting the URL or typing it in manually, the FB links redirect to a non-existent page (e.g. http://era-was.ru/in.cgi?4). Please, is anybody able to tell me what's going on... and what I can do?!

  2. David Foreman
    Member
    Posted 2 years ago #

    Hey,
    Got hacked too with this yesterday.
    Check your htaccess file in the root - it will be linking from there.
    I just deleted everything in it and it fixed things for me.

  3. David Foreman
    Member
    Posted 2 years ago #

    FYI - my hosting company has told me the issue was related to the Auto Thickbox Plus plugin.

  4. frau_dietz
    Member
    Posted 2 years ago #

    Hi davros, thanks very much for your response - but I don't suppose you could translate that into layman speak for the blonde, could you please? Thank you!! :)

  5. frau_dietz
    Member
    Posted 2 years ago #

    Thank you, Ipstenu. After an afternoon and evening of serious googling and staring blankly at various parts of WordPress and Bluehost, I am slowly making my way through several of those already. Slowly of course being the operative word - I find a lot of it extremely confusing because it generally assumes the reader has a half-decent level of knowledge, which I don't. But I *think* I'm getting there... even though it's doing my head in!!

    Thanks again :)

  6. frau_dietz
    Member
    Posted 2 years ago #

    One question... where I am instructed to delete the entire directory structure using the cPanel's File Manager (e.g. in smack down link) - I am using Bluehost - I just want to be clear, does that mean deleting absolutely every last file and folder in there - i.e. the /home2/myname folder? Presumably so, but I just want to be absolutely sure before I hit the big red cross. Advice much appreciated, thank you.

  7. esmi
    Forum Moderator
    Posted 2 years ago #

    I'd suggest downloading a backup copy of the wp-content folder first. You can then check through this folder for any hack files/backdoors at your leisure.

  8. David Foreman
    Member
    Posted 2 years ago #

    @Ipstenu

    I'll try - tbh they have not been too helpful on that front - used the plugin before with no issues - I am developing the site on a client's server, not one of my own.

    Will see what I can get from them and email it over to plugins@.

    Frau - all I did was FTP into my server, find the .htaccess file in the root (main folder where wp-content etc etc live) and delete the offending stuff (from the htaccess file) that linked back to the .ru domain. I use Fetch on a Mac, so it's pretty easy.
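
The symptom in this thread (Facebook links redirect, typed URLs do not) fits a rewrite rule that fires only for certain referrers. The following is an added example, not code from any poster: a small Python audit that lists `.htaccess` directives pointing at hosts other than your own and notes when a rule depends on the visitor's referrer or user agent. The sample file contents and the `blog.example` / `redirect.example` host names are constructed.

```python
import re
from urllib.parse import urlsplit

# Directives that can send a visitor somewhere else.
REDIRECT = re.compile(r"^(RewriteRule|Redirect\w*|ErrorDocument)\s+(.*)$", re.I)
# Conditions that make a rule fire only for some visitors (e.g. Facebook clicks).
VISITOR_COND = re.compile(r"^RewriteCond\s+%\{(HTTP_REFERER|HTTP_USER_AGENT)\}", re.I)
URL = re.compile(r"https?://[^\s\"']+", re.I)

def is_own(host, own_hosts):
    return any(host == h or host.endswith("." + h) for h in own_hosts)

def audit_htaccess(text, own_hosts):
    """Return (line_no, directive, external_host, visitor_condition) tuples."""
    findings = []
    cond = None  # visitor-dependent RewriteCond waiting for its RewriteRule
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = VISITOR_COND.match(line)
        if m:
            cond = m.group(1).upper()
            continue
        m = REDIRECT.match(line)
        if not m:
            continue
        is_rule = m.group(1).lower() == "rewriterule"
        for url in URL.findall(m.group(2)):
            host = urlsplit(url).hostname or ""
            if host and not is_own(host, own_hosts):
                findings.append((no, m.group(1), host, cond if is_rule else None))
        if is_rule:
            cond = None  # conditions only bind to the next RewriteRule
    return findings

# Constructed sample: abridged WordPress block followed by injected lines.
SAMPLE = """# BEGIN WordPress
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
RewriteCond %{HTTP_REFERER} facebook [NC]
RewriteRule ^(.*)$ http://redirect.example/in.cgi?4 [R=302,L]
ErrorDocument 404 http://redirect.example/in.cgi?4
"""

if __name__ == "__main__":
    print(audit_htaccess(SAMPLE, {"blog.example"}))
```

Run it against a downloaded copy of the file and pass your own domain in `own_hosts`; anything it reports that you did not add yourself is worth comparing against a known-good `.htaccess`.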

  9. frau_dietz
    Member
    Posted 2 years ago #

    Thank you davros, had found it :) Unfortunately

    1. every time I amended my .htaccess file - and even added in some code I found that was supposed to prevent hackers getting in - it miraculously got changed back. So I thought I would go for the mega cleanup, delete everything and start again...

    but

    2. having followed the advice of deleting everything, I have obviously deleted too much of everything, because I appear to have totally ****** absolutely everything up. So that's good. I have absolutely no idea what to do now, but at least I've learned lots in the process so far and I'm sure I'll somehow work it out. *sigh*

  10. Roy
    Member
    Posted 2 years ago #

    You probably also deleted wp-config.php which is the file that tells WP where to find your database. Just download a new download from wordpress.org (red link on top of this page), upload everything, edit the wp-config file to how it was (your database name, user and password) and you should have your website back.

    Note, though, many hacks put backdoors in files, some do so in the database, so setting everything back up may still leave you with a backdoor present.

  11. frau_dietz
    Member
    Posted 2 years ago #

    Thank you very much, Roy. I had deleted absolutely everything for the document root for my site so nothing existed at all; I have since uploaded a backup which enabled me to uninstall and reinstall WordPress. I have now deleted the backup again, reinstalled WordPress in WordPress and have a completely blank slate from which to rebuild my blog (which was thankfully pretty new) - and I've changed all my passwords. And I've found a friend to translate Bluehost's email into plain English so that I can do all the additional security things that they advise. Do you think this is sufficient? Is there any way of eliminating any leftover backdoors or might I have, through deleting the entire database, avoided them altogether?

  12. Roy
    Member
    Posted 2 years ago #

    Ipstenu gave you all the links you need. Particularly read the 'how to completely clean...'.

    When you're positive the website is clean, read this:
    http://codex.wordpress.org/Hardening_WordPress

  13. frau_dietz
    Member
    Posted 2 years ago #

    I have been following the information provided by those links, Roy... this is so far where they have got me. Seeing as there were a couple of generous human beings around on here though I just wanted to double check that I was on the right track (see above re: I totally messed everything up but with amazing luck and a bit of logic managed to recover everything) before I continue, as I'm nervous about making further mistakes. Though to those with good knowledge in this area all these links may appear to provide incredibly easy-to-follow advice, for those of us with absolutely zero experience in doing these things, it's really overwhelming and not necessarily clear. The point at which *I* as a total novice think my website is clean isn't necessarily the point at which it is! But I thank you for your time, I do really appreciate it.

  14. Roy
    Member
    Posted 2 years ago #

    Ah no, getting hacked is a pain in the ass for anyone. Fortunately I have never had to clean up a hacked website. Those here who do often do it as an occupation or are new to the phenomenon like yourself. There used to be a forum user who could do magic in investigating hacks, but for most people getting hacks is security for a couple of sleepdays days and headache. The problem is that there are many different hacks, from pumping spam links into your theme to code injections presenting viruses to your visitors. There is not just one way of tackling a hack.

    But... for a while now there have been more and more security checker plugins. Perhaps there is one that can scan the database for you. Also 'google around' a bit for database scanning scripts, there are most likely several of them.

    As for plugins:
    http://wordpress.org/extend/plugins/search.php?q=security+check&sort=

    One thing to keep in the back of your head: once you've been hacked and there is a backdoor that you missed, they'll be back. You can have your website back up and running and looking normal only to find out a week later that there is a user that you didn't create yourself, new spam links, a redirect or whatever. This is not to scare you, just advice to be thorough in cleaning up and be aware for a while when you think the problem is solved.

  15. There still are those of us who can do that. It's a pain in the ass to anyone. I've been hacked, though never through WordPress (just through my own stupidity and a non-secure FTP client, really I know better).

    If the hack is in your files, the best thing you can do is this:

    Delete EVERYTHING on your server, with the following exceptions:
    .htaccess
    wp-config.php
    /wp-content/uploads

    Everything else? Chuck it.

    Change your passwords. ALL of them. Especially your FTP/SSH/control panel one. Make a dedicated SQL user ID and password (if you're using cPanel, this isn't that hard, go into the database section, make a new user, give it admin rights to your DBs). Then make THAT user the one in your wp-config.php.

    Now get a fresh copy of WordPress and upload that. Get fresh copies of all your themes and plugins. Upload them.

    Turn it back on.
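
The procedure in post 15 keeps `.htaccess`, `wp-config.php` and `/wp-content/uploads`, so anything planted in the uploads folder survives the wipe. The following is an added example, not code from the thread: a Python check over a copy of the uploads folder that reports nested `.htaccess` files, script extensions (including double extensions) and media files whose content contains a PHP open tag. The extension list is an assumption about what the server may execute, and the file tree in `demo()` is constructed.

```python
import os
import tempfile

# Extensions a web server may execute; media uploads normally contain none.
SCRIPT_EXTS = {"php", "php5", "phtml", "phar", "cgi", "pl"}


def audit_uploads(uploads_dir):
    """Return sorted (relative_path, reason) pairs for files needing review."""
    findings = []
    for root, _dirs, files in os.walk(uploads_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, uploads_dir).replace(os.sep, "/")
            with open(path, "rb") as fh:
                head = fh.read(4096)
            if name == ".htaccess":
                reason = "nested .htaccess"
            elif SCRIPT_EXTS & set(name.lower().split(".")[1:]):
                reason = "script extension"  # also catches thumb.php.jpg
            elif b"<?php" in head.lower():
                reason = "PHP tag in content"
            else:
                continue
            findings.append((rel, reason))
    return sorted(findings)


def demo():
    """Build a constructed uploads tree in a temp dir and audit it."""
    sample = {  # constructed file names and contents
        "2020/05/cat.jpg": b"\xff\xd8\xff\xe0 JFIF image bytes",
        "2020/05/thumb.php.jpg": b"\xff\xd8\xff\xe0 JFIF image bytes",
        "2020/05/logo.png": b"\x89PNG <?php /* placeholder */ ?>",
        "2020/.htaccess": b"# placeholder\n",
        "cache.php": b"<?php /* placeholder */ ?>",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in sample.items():
            path = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return audit_uploads(tmp)
```

A clean result here only covers files; it says nothing about the database, which the earlier replies flag as a separate place to check.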

  16. frau_dietz
    Member
    Posted 2 years ago #

    Hi Roy and Ipstenu,

    Thank you both so much for all your advice. It seems that (for the time being at least!) I've managed to clean up my site, and hopefully with all the tips you've given me I can keep it that way.

    I really appreciate you both taking the time to help me. Thanks again.

This topic has been closed to new replies.