WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] I've been hacked. What to do next? (11 posts)

  1. andyomerovic
    Member
    Posted 1 year ago #

    My website has been hacked. http://www.cloudsmooth.co.uk

    I have so far been following this

    http://wpdude.com/wordpress-hacked

    What to do next, and more important I cant log into wp-admin either - just take a look at the login page. Its messy.

    Apparently I need to edit wp_users but I cant find the table.

  2. ClaytonJames
    Member
    Posted 1 year ago #

    FAQ My site was hacked

    Here is a relevant discussion that contains the bulk of the info you will probably need:

    http://wordpress.org/support/topic/hacked-by-hacker-1?replies=38

  3. ClaytonJames
    Member
    Posted 1 year ago #

    @Jan Dembowski

    Man, am I getting lazy... LOL!

  4. andyomerovic
    Member
    Posted 1 year ago #

    I've just deleted everything in FileZilla.

    backed up first off course.

    All I have now is:

    -access-logs
    -www

    Can I start again from here.

    C Panel is giving me problems now. Might have to re-nstall the hacked version and go from there.

    What a pain.

  5. andyomerovic
    Member
    Posted 1 year ago #

    I'm going to close this thread because I have fixed it.

    What I did.

    1) Deleted everything using File Zilla
    2) Deleted all MySQL databases and user names
    3) Used C Panel to make new database and user names
    4) Re installed WordPress making sure wp-config.php renamed according (removing that sample bit) and editing inside to right database name etc
    5) Uploaded WordPress using File Zilla to new directory of public_html

    This video helps to explain the process very clearly:

    http://www.youtube.com/watch?v=lDMooSts1rM

    Lessons going forward:

    BACK-UP regularly. It isn't hard to do so. But if your in my position now you have to download the damn theme, plug ins and upload pictures, make pages etc again. Pain in the butt.

  6. Viscosity
    Member
    Posted 1 year ago #

    It seem like it has been already reset back to default.

  7. andyomerovic
    Member
    Posted 1 year ago #

    Yeah thats what I had to do.

    I cant be bothered to look EVERYWHERE for malicious code etc.

    Its simpler for me to just rebuild the damn website.

    Going forward I will multi back-up to fast restore with a wide variety of choices.

    This method is only to be used in worst case scenarios and god forbid if you have more than the 15 or so pages I had.

    I still have my wp-content I can re-upload but I think there could be a back door in there too.

    If I were a hacker thats where I'd put it.

    What do you think?

  8. bcworkz
    Member
    Posted 1 year ago #

    The uploads folder is exactly where several known hacks store backdoors and backup copies of malicious code. NEVER upload hacked wp-content to a clean site!

    Hopefully your story has inspired many to backup their installation regularly, including the wp-content stuff. It's possible for almost anyone to get hacked eventually, often through no fault of their own. Backups -- just do it!

    Sorry for your troubles.

  9. Viscosity
    Member
    Posted 1 year ago #

    It take minutes to hack while hours to restore without backup. The morale of the story is always plan ahead for disaster.

  10. andyomerovic
    Member
    Posted 1 year ago #

    That's right guys.

    Oh well, at least it will give me something to do.

    I might go with a completely different theme now...

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags