WordPress.org

Ready to get started?Download WordPress

Forums

My site has been hacked and cant get back in control (10 posts)

  1. no_one
    Member
    Posted 2 years ago #

    Somthing very strange happend to me..

    My site http://about-snakes.com has been hacked and i cant get access to my wp-admin .. i have used several methods (codex.wordpress.org/Resetting_Your_Password) found on line to get the password to reset but nothing worked. all of them failed..

    i noticed that they changed my meta keywords .. if you type about snakes in google you should see my site on the first page.. depending on where you are.. but the description is about some drugs totally irrelevant to my reptile site .. here is what they but now on it

    "Buy Tramadol online from an official certified pharmacy, OVERNIGHT Shipping, Exclusive & competitive discount prices, express shipping & discrete packaging"

    my site is about reptile care and husbandry ..

    how can i take my site back ?

  2. esmi
    Forum Moderator
    Posted 2 years ago #

  3. gladwda
    Member
    Posted 2 years ago #

    Alternatively,

    If you have a backup, and access to your c-panel. Just ftp and remove the wordpress installation, re-install and load the backup.

  4. esmi
    Forum Moderator
    Posted 2 years ago #

    No! Not "alternatively"! That will not clean the hack out of the site and the hacker will probably just walk straight back in again. We do post these links & resources for a good reason, you know.

  5. gladwda
    Member
    Posted 2 years ago #

    yes alternatively. /condescending bold.

    If the backup is uploaded from local pre-hack, and the wordpress installation is entirely removed and replaced. That would eliminate the potential backdoor code.

    Your own link shows this."A backdoor is code that has been added to your site.
    It will most likely be code not in the normal WordPress files. It could be in the theme, it could be in a plugin, it could be in the uploads directory."

    Anything rooted deeper than his wordpress installation would affect the whole host, and thus would be looked into by them. It is unlikely of course, it was more likely to be insecure password or something similar.

    Your links are helpful, but you bombarded him with 8 of them. that's ages of reading and getting lost in finding a solution. If it is changed and happens again, he knows the issue is deeper (somehow) and can look to resolve it that way.

  6. esmi
    Forum Moderator
    Posted 2 years ago #

    That would eliminate the potential backdoor code.

    And hack back doors masquerading as graphic files in an uploads folder? and hacks that turn off & on? Last week, we had a user whose site had been hacked 3 years ago (yes - he had backups from 2009) but the hack (which was theme based) wasn't permanently visible. So backups won't necessarily be clean.

    4 of the links I posted are resources on how to clean your site properly.
    2 are links to scanning sites
    The final one is an article by securi on some of the reasons that WP sites get hacked in the first place and it contains a great deal of sheer common sense.

  7. gladwda
    Member
    Posted 2 years ago #

    Jesus 3 years? :/ I stand corrected.

  8. esmi
    Forum Moderator
    Posted 2 years ago #

    Yep. I've got copies of two of the infected themes - both downloaded from dodgy sites.

    From what I understand, the themes (which was are hacked versions of apparently genuine themes) inserted a call to an external js script. Then, I assume, the 3rd party site flicked a switch at their end whenever they felt like it to "activate" the script which inserted redirects into the site. Then, after a while, they switched it off again. The poor poster only happened to notice it recently because he was working on the site when they switched it on. -(

  9. esmi
    Forum Moderator
    Posted 2 years ago #

    Oh - and check out link No 4: http://ottopress.com/2009/hacked-wordpress-backdoors/ A really nice summary of hacker backdoors.

  10. no_one
    Member
    Posted 2 years ago #

    hey guys a friend of mine manages to fix it. we have acces and now i backed up and updated the wordpress version ti the latest.

    the meta description i could not fix.. still i get on Google this spam stuff

    Buy Tramadol online from an official certified pharmacy, OVERNIGHT Shipping, Exclusive & competitive discount prices, express shipping & discrete packaging.

    any ideas ? i checked the pages and posts as well as site description and nothing has been changes there ..

Topic Closed

This topic has been closed to new replies.

About this Topic