WordPress.org

Ready to get started?Download WordPress

Forums

My WP website have been hacked 2 times, please help! (12 posts)

  1. emadpaul
    Member
    Posted 2 years ago #

    Hello,
    I create a website using WP and it have been hacked 2 times by the hacke called him self "Almaystro Almaghribi ".. when I open the site I found his hacking message and I go to my Cpanel to remove the index file and uplode it again.. I have change my admin passwored many times and I have firewall bluging into my Wp but still hacking??
    this is the source code from the page that have been hacked it may help me to solve this issues..

    [ Code moderated. For more than 10 lines of code please pastebin.com instead. ]

    so please how can I protect my wp site???

  2. ClaytonJames
    Member
    Posted 2 years ago #

  3. emadpaul
    Member
    Posted 2 years ago #

    Hey Clayton,
    wow really thank you for your reply and sure that would be very helpful for me to read lot's of things about wp prevention.. I have lots of coffee and I'm ready :)

    But please just one more thing and I need your help.. when my website hacked for the first time I have clean the host and the database, and I install the new fresh WP files.. I change my admin log in information and I make it very hard.. but the hacker hack my index file again and I don't know why?? is it from the host that I'm using or from the WP theme that I'm using ?????

    this is the source code from the Index page that have been hacked 2 times it may help you to get the answer: "it's in Google docs sharing files.. please click to see the file"

    https://docs.google.com/document/d/1wej1apPh6Istx36OnIw3XxhLKMJAU4DvPZ_GhbceF-A/edit

  4. Contact your webshost. They have have a problem.

  5. ialima7
    Member
    Posted 2 years ago #

    "Free Premium Themes" = site files infected.

    I removed the malicious code manually. Do you stay in index.php and other important files from WordPress, themes and plugins folders.

    However, it may be easier to start from scratch. Back up all files and database (I find it useful to use the Export tool). Delete everything from the server. Install WordPress, keep the default theme, import posts. So do not be left any php file infected. In any event reinstall the previous theme, find a trusted source.

  6. emadpaul
    Member
    Posted 2 years ago #

    I will try to contact my web host..
    I deleted the infected index.php and I upload it again to the WP folder and now the site is working very well.. I have deleted all my files before and I start from the scratch but still hacked again :( that's why I don't understand..

    I think my google docs link have problem so I will just put small things from the source code of my index file that hacked..

    `<html xmlns:v="urn:schemas-microsoft-com:vml"
    xmlns:o="urn:schemas-microsoft-com:office:office"
    xmlns:w="urn:schemas-microsoft-com:office:word"

    xmlns="http://www.w3.org/TR/REC-html40">
    <head>
    <meta http-equiv=Content-Type content="text/html; charset=windows-1256">
    <meta name=Generator content="Dev-PHP 3.00 Alpha 4"
    <meta name=Originator content="Microsoft Word 11">
    <link rel=File-List href="index1_fichiers/filelist.xml">
    <link rel=Edit-Time-Data href="index1_fichiers/editdata.mso">
    <!--[if !mso]>'

  7. emadpaul
    Member
    Posted 2 years ago #

    and this too:

    `<style>
    v\:* {behavior:url(#default#VML);}
    o\:* {behavior:url(#default#VML);}
    w\:* {behavior:url(#default#VML);}
    .shape {behavior:url(#default#VML);}
    </style>
    <![endif]-->
    <title>.:: Hacked By Almaystro Almaghribi ::.</title>
    <!--[if gte mso 9]><xml>
    <o:DocumentProperties>
    <o:LastAuthor>Younes Lma</o:LastAuthor>'

    so I don't understand how he got to my index file may you help me from this codes I have send please..

  8. If your index file is being written to, like as not, your account is compromised still.

    I change my admin log in information and I make it very hard

    Did you change the login info for your sevrer ID? Not just WP, but the one you use to FTP etc?

  9. ialima7
    Member
    Posted 2 years ago #

    There are many the infected files. When another infected php is executed, it infects other again. I've been there. Will have to do a more thorough search.

  10. emadpaul
    Member
    Posted 2 years ago #

    @Ipstenu, you right.. I will change my server ID
    @ialima7, for now my site is working very well.. I just don't know how my index file get infected 2 times.. but for now I'm reading more Info on prevention..

    any way Really thank you very much all for your help.. I learned so much from this conversation :)

  11. Your index file is being written to not via WP but becuase they have access to your server.

    1) make a backup of WP DB and files.
    2) Delete all your WP files except

    wp-content/uploads
    wp-config.php
    .htaccsss

    3) Change your FTP and SQL passwords.
    4) Upload a fresh copy of WP and all your themes and your plugins.

  12. emadpaul
    Member
    Posted 2 years ago #

    @Ipstenu, Thanks so much.. in fact I'm going to transfer my domain and all my files to another host because the server that am using is not good and to get support from them is hard.. so I will change to Bluehost :)

    I notes that my index file have been hacked from the server..
    I will do backup..
    Thank you Ipstenu :)

Topic Closed

This topic has been closed to new replies.

About this Topic