WordPress.org

Ready to get started?Download WordPress

Forums

Post-hack and post-migration site rendering alphabets wrong (4 posts)

  1. Saqib Khan
    Member
    Posted 6 months ago #

    The following is a complete list of things gone wrong with my site http://www.restaurants-uncut.com. :

    1. Some of the alphabets in posts convert to strange characters upon publishing. Some of the words and letters that I write change into strange characters, especially apostrophe. The following is a sample of this:
    "isn’t there all the time. Also if you’"

    2. Half of the post disappears once it is published. It’s as if the editor deletes part of the post randomly.
    3. The Jetpack site stats page is showing the same strange characters. Only here the complete screen is showing gibberish stuff instead of just partial, like in posts.
    4. The strange characters are also visible in the admin panel. For instance the text in the wordpress news tab as well as in the plugin description in the plugin finder. That means it not something in the theme itself.
    5. The post summary and thumbnail does not show up in Facebook status update when I post a link of a specific post on my Facebook wall.

    Some of the remedies I’ve tried:
    1. Deactivated all the plugins.
    2. Checked for malicious code in theme files.
    3. Changed the theme altogether
    4. Looked for malicious code in wp-config and .htaccess.
    5. Looked for suspicious files in the website folder via FTP.

    Couldn’t find any malicious code or file and nothing seems to work. Could the code have been injected into the database? How do I check that? That is, while files should I check in the database?

    The site has been hacked four times in the past and migrated from Servesea server to iPage server, although I don’t think it’s a migration issue because I migrated another site of mine http://www.brandasy.com and nothing seems to be wrong with it.

    I recovered the site from each hack and now the site is running WP Better Security and ever since the migration there has been no intrusion to the best of my knowledge.

    Kindly advise.

  2. Couldn’t find any malicious code or file and nothing seems to work.

    I recovered the site from each hack

    You may have fought the symptoms but I'm not sure you successfully deloused your site.

    You need to start working your way through these resources:
    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/

    Anything less will probably result in the hacker walking straight back into your site again.

    Additional Resources:
    Hardening WordPress
    http://sitecheck.sucuri.net/scanner/
    http://www.unmaskparasites.com/
    http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

  3. Saqib Khan
    Member
    Posted 6 months ago #

    Thank you Jan for the help. Appreciate it.

    I guess I've deluded myself into thinking that just because the site has not been hacked again in the last six months, it won't happen again in the future.

    I think what I was really looking for when I posted this dilemma of mine is that if someone had the same experience post-hack, how did they resolve this strange character-changing behavior of wordpress engine. And if someone can share a similar experience, I would be grateful.

    I will definitely be going through all the aforementioned resources to double-check everything, some of them I had already gone through when cleaning the site after the previous hack.

  4. I guess I've deluded myself into thinking that just because the site has not been hacked again in the last six months, it won't happen again in the future.

    That might be the case and I certainly don't want to discourage you. It's just that it's easy to miss something. That's why that list of articles is often repeated here. They're really a good source of information for getting a handle on a hacked site.

Reply

You must log in to post.

About this Topic