WordPress.org

Ready to get started?Download WordPress

Forums

I need help fixing my hacked sites! (2 posts)

  1. michaelgs
    Member
    Posted 4 years ago #

    Help!
    I posted the post below two days ago and I still need help badly.
    sofar everything I've tried does not fix the problem.
    knowing that the files changed are the three wpinclude/default pages I went in and disabled the write mode for owner as well.
    having done that now I cannot open any widgets and I can't open
    oployau.fancountblogger.com
    I get this message:
    Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (11)

    what would happen if I reinstall WP 2.9.2 in the tool/upgrade section?
    will that delete all of my sites content?
    I also found one directory in my root directory of one of the sites named .xmlnuad and this directory was in none of my other 70 sites. I deleted it.

    anyway, please can somebody help me?
    I am at a loss.
    BTW my email is michaelgs at satx.rr.com
    Michael

    I have a group of 7 sites, all have the same problem.
    about every 30 hours my sites go blank.
    to fix this temporarily I reinstall the three wpinclude/default-xxx files via ftp.
    I changed chmode to 644 read only.
    but 30 hours approximate, when I look at my sites they are all blank again.
    The first time this happened after I installed the JR Favicon for WordPress plug-in. Since then I have uninstalled the plugin.
    Does anyone know what I should do to stop my sites from being hijacked?
    Michael

  2. Have you read FAQ My site was hacked?

    First - CHANGE ALL PASSWORDS. NOW. If they're getting back in, over and over, you probably have a password leak somewhere. Shut it down with new SQL and login passwords.

    Second - The fact that only those three files are getting whacked implies that there's a plugin that's killing things. But maybe not. If you uninstall JR favicon, did you delete it as well? You may need to search your DB for traces of it running.

    Also read Hardening WordPress. In this case, I'd strongly suggest you try using the WP Security Scan plugin, so you can sort out when this is happened. Then read your logs and try and sort out WHAT is doing this.

    And good luck.

Topic Closed

This topic has been closed to new replies.

About this Topic