Posted 6 months ago #
My website has been hacked. http://www.cloudsmooth.co.uk
I have so far been following this
http://wpdude.com/wordpress-hacked
What to do next, and more important I cant log into wp-admin either - just take a look at the login page. Its messy.
Apparently I need to edit wp_users but I cant find the table.
Posted 6 months ago #
You need to start working your way through these resources:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/
Additional Resources:
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
http://codex.wordpress.org/Hardening_WordPress
http://www.studiopress.com/tips/wordpress-site-security.htm
Posted 6 months ago #
Here is a relevant discussion that contains the bulk of the info you will probably need:
http://wordpress.org/support/topic/hacked-by-hacker-1?replies=38
Posted 6 months ago #
@Jan Dembowski
Man, am I getting lazy... LOL!
Posted 6 months ago #
I've just deleted everything in FileZilla.
backed up first off course.
All I have now is:
-access-logs
-www
Can I start again from here.
C Panel is giving me problems now. Might have to re-nstall the hacked version and go from there.
What a pain.
Posted 6 months ago #
I'm going to close this thread because I have fixed it.
What I did.
1) Deleted everything using File Zilla
2) Deleted all MySQL databases and user names
3) Used C Panel to make new database and user names
4) Re installed WordPress making sure wp-config.php renamed according (removing that sample bit) and editing inside to right database name etc
5) Uploaded WordPress using File Zilla to new directory of public_html
This video helps to explain the process very clearly:
http://www.youtube.com/watch?v=lDMooSts1rM
Lessons going forward:
BACK-UP regularly. It isn't hard to do so. But if your in my position now you have to download the damn theme, plug ins and upload pictures, make pages etc again. Pain in the butt.
It seem like it has been already reset back to default.
Posted 6 months ago #
Yeah thats what I had to do.
I cant be bothered to look EVERYWHERE for malicious code etc.
Its simpler for me to just rebuild the damn website.
Going forward I will multi back-up to fast restore with a wide variety of choices.
This method is only to be used in worst case scenarios and god forbid if you have more than the 15 or so pages I had.
I still have my wp-content I can re-upload but I think there could be a back door in there too.
If I were a hacker thats where I'd put it.
What do you think?
Posted 6 months ago #
The uploads folder is exactly where several known hacks store backdoors and backup copies of malicious code. NEVER upload hacked wp-content to a clean site!
Hopefully your story has inspired many to backup their installation regularly, including the wp-content stuff. It's possible for almost anyone to get hacked eventually, often through no fault of their own. Backups -- just do it!
Sorry for your troubles.
It take minutes to hack while hours to restore without backup. The morale of the story is always plan ahead for disaster.
Posted 6 months ago #
That's right guys.
Oh well, at least it will give me something to do.
I might go with a completely different theme now...
You must log in to post.
