Forums

WordPress › Support » Miscellaneous

[resolved] My root was hacked (3 posts)

  1. ivanrazine
    Member
    Posted 1 year ago #

    Hi! My site was just hacked in some weird way but I could restore everything to normal no problem.

    I was wandering if I had anything else to do in order to make it safe?

    I have 6 different wordpress installations in subfolders and my root redirects to another subfolder with some basic html page in it, so no wordpress on my root.

    Today I couldn't access my root, so I checked it and found these files:

    wp-index.php
    redirects.php

    Moreover, my .htaccess has been modified.

    I basically deleted new entries in my .htaccess and the php files and it worked.

    The first php file (wp-index.php) contained this :
    eval("?>".gzuncompress(base64_decode("SOMERANDOMSTUFF"))); ?>

    ...and was signed "Mouad512@w.cn".

    The second php file (redirects.php) contained:
    <?php header('Location: https://rapidshare.com/files/460639983/facebook-pic000991655114.exe'); ?>

    My .htaccess had some extra "redirect" lines.

    Anyway, what I was trying to say is that my root got affected by these weird wordpress hacks, even though I have no wordpress installation on my root, they are all in subfolders.

    How is that possible?

  2. Ipstenu
    Half-Elf Support Rogue & Mod
    Posted 1 year ago #

    Your server was compromised in some way. It happens.

    http://codex.wordpress.org/FAQ_My_site_was_hacked will get you started but you're going to want to go the extra mile here.

    Delete everything BUT the wp-content folders and the wp-config.php files (normally I'd say .htaccess too, but in this case, you know it's compromised so rename 'em old.htaccess and you'll want to rebuild them).

    Upload fresh copies of WordPress core AND all the plugins. Every. Last. One.

    Change your passwords, from WordPress to SQL to FTP.

    Make sure you're NOT using your server ID/Password in your wp-config.php, but instead a SQL ID that ONLY has access to your databases.

    Tell your host! They may be able to help.

  3. ivanrazine
    Member
    Posted 1 year ago #

    Thanks! Will do!

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags