WordPress.org

Ready to get started?Download WordPress

Forums

Site Hacked? (33 posts)

  1. Shimshon9
    Member
    Posted 6 years ago #

    When I go to my site http://www.shimshon9.com I see only a blank site - was I hacked or something - help!

  2. Roy
    Member
    Posted 6 years ago #

    Could be a lot of things. Your admin seems to work (login screen at least), so I guess you just start looking around a little there. Are there still themes, does something look fishy? Did you try going to your FTP server to see if there's something strange?

  3. Shimshon9
    Member
    Posted 6 years ago #

    I checked my FTP server.
    On the Dashboard the Spam comments are missing...

    What to do?

  4. Roy
    Member
    Posted 6 years ago #

    You didn't say anything about spam comments! It seems that your complete site is down (I can't access any article you posted). Some more info might be helpfull for people who have more experience with this. Are you running 2.2.1? Where does the spam appear? Since when? Can you see where it is from? Do you have a anti spam plugin? Did you check your error logs? Any information that can be helpfull.

  5. Shimshon9
    Member
    Posted 6 years ago #

    1. I am using 2.2.1
    2. The Spam doesn't appear at all.
    3. All my plugins are gone!
    4. How do I check error logs?
    5. I noticed this problem about 2 days ago.
    6. I also cannot access any Article?!
    7. In Dashboard/Themes I get this massage: Warning: array_keys() [function.array-keys]: The first argument should be an array in /home/shimshon/public_html/wp-includes/theme.php on line 276
    8. I have plenty of subscibers (spam)in Authors & Users

    Thanks for any help...

  6. Roy
    Member
    Posted 6 years ago #

    Ok, this is going to be beyond my abilities (I have never been hacked myself), so hopefully somebody else joins this thread. Just a quick point by point reaction.
    1) This is a reason to upgrade (see later)!
    2) How do you know there is spam? Is it comment spam, pingback spam, trackback spam, has your site been injected and does the spam appear in the header, footer or index?
    4) The control panel (my PHPadmin, or whatever it is called) of your host. There are people who can talk you through that better than myself.
    5) -
    6) Did you try changing themes? Perhaps you 'only' have an infected theme (if changing to default helps to bring your site back, you still have a serious issue of course).
    7) That may answer my previous question, no idea what that error is about.
    8) I suppose you better change your settings to "nobody can register" and delete the new users.

    For the rest: change your admin password (and user name), FTP password and perhaps it may be even smart to change the database user and password. You need to do an upgrade which includes deleting the old files (except wp-config) and remember that it could be your theme that is compromised, so don't just use it again (the same goes for plugins that you use. Delete all of them and if you still need them, download 'fresh' ones and use those).

    Some documentation:
    http://www.village-idiot.org/archives/2008/03/18/wordpress-spam-inject-honeypot/
    http://www.village-idiot.org/archives/2008/03/19/wordpress-spam-inject-honeypot-2/
    http://www.village-idiot.org/archives/2008/04/03/wordpress-capturing-_post-requests/

    Good luck :-/

  7. Shimshon9
    Member
    Posted 6 years ago #

    Well - looks like I have a real problem...

  8. Shimshon9
    Member
    Posted 6 years ago #

    Do you think that an upgrade might solve the problem since I replace some files?

  9. Roy
    Member
    Posted 6 years ago #

    You should look where the problem is. If a theme file is infected, then upgrading makes no difference if you use the same theme. Let me quote myself from another thread of today.

    be sure to have an "uncrackable" password (not "hello35" or something). Change the "admin" to something else (make a new user, promote it to admin, degradate the old admin to user and delete it) and have a look around your files and error logs to see if you find anything fishy. Once hacked, your website will be difficult to make save again. The hacker might use your cookie to just log in again tomorrow if you don't take care of things. Some script may be running on the website that sends passwords to the hacker or whatever. Not to make you scared to death, but take precautions and remember that once hacked, you have to clean up the mess, just like with a virus.

    You shouldn't just patch things up. If you want to be on the save side, better try a completely fresh (including the theme or check the files first really well, making sure nothing of the hack is left.

  10. Shimshon9
    Member
    Posted 6 years ago #

    If I do a fresh install do you think I can save my Database? I do not want to loose all my previous entries...

  11. jayoh
    Member
    Posted 6 years ago #

    export your database from phpmysql (if your host offers it).

    you can then redeploy it on a new install.

  12. Shimshon9
    Member
    Posted 6 years ago #

    If you look at my site know I got a new index file (Welcome to Diya System) and I didn't put it there..

  13. Shimshon9
    Member
    Posted 6 years ago #

    Also my Dashboard disappeared - the files are all on the server but page is not found?

  14. whooami
    Member
    Posted 6 years ago #

    thats the vdeck defualt page, that I see, and thats normal if you dont have an index page.

  15. whooami
    Member
    Posted 6 years ago #

    Also my Dashboard disappeared - the files are all on the server but page is not found?

    your files are NOT where you think they are. If they were I would not be seeing the defualt index page for vdeck.

  16. Shimshon9
    Member
    Posted 6 years ago #

    I do not see the vdeck index page, I see some Diva Systems page with links to a web host that is not mine!

  17. Shimshon9
    Member
    Posted 6 years ago #

    There must be some file I cannot see since all my files seem to be ok

  18. whooami
    Member
    Posted 6 years ago #

    i suggest clearing your browser cache.

  19. Shimshon9
    Member
    Posted 6 years ago #

    This didn't help - I see the same in IE or in firefox...

  20. whooami
    Member
    Posted 6 years ago #

    oke, well, this is ridiculous, Im sorry.

    what web site are you looking at? I am looking at the one that you linked in your first post. Maybe you need to check your DNS settings.

    Whatever the case may be, its not a problem on my end.

  21. Shimshon9
    Member
    Posted 6 years ago #

    I am looking at http://www.shimshon9.com and I see this:

    Diya Systems

    Address: Diya Systems, 4th floor,Empire mall,M G Road
    Mangalore, Karnataka 575003
    IND

    Business Phone:

    1 --
    Fax:
    E-mail:

    diya_asariya@yahoo.co.in
    Products and Services:

    This online Page will Give The details about Myself

    Register a Domain:
    Join BizLand | Sell Online | Become an Affiliate | Promote your Web site | Create a banner free Web site

    What do you see?

  22. Shimshon9
    Member
    Posted 6 years ago #

    Well - sorry, now I see also the vdeck...

  23. Len
    Member
    Posted 6 years ago #

  24. Shimshon9
    Member
    Posted 6 years ago #

    If I go th http://www.shimshon9.com I see the vdeck.
    If I go to http://www.shimshon9.com/index.php it says page not found.

    If I check on my file manager I can see the index file, it didn't disappear?!

  25. whooami
    Member
    Posted 6 years ago #

    Shimshon9,

    whats the name of the folder that your wordpress files are inside of?

  26. Shimshon9
    Member
    Posted 6 years ago #

    public_html

  27. whooami
    Member
    Posted 6 years ago #

    and is there an .htaccess in that directory?

    Other than that, I dont know what to tell you. Contact your host. They get paid to do this sort of crap.

  28. Shimshon9
    Member
    Posted 6 years ago #

    no .htaccess

  29. Shimshon9
    Member
    Posted 6 years ago #

    Well thank you for all your help. I guess now I have to wait for my host - he seems to be busy!
    Anyway I am open to more suggestions... do I need this .htaccess file.

    I want to find the cause before I upgrade.

  30. Shimshon9
    Member
    Posted 6 years ago #

    Should the index file look like this:

    <?php
    /* Short and sweet */
    define('WP_USE_THEMES', true);
    require('./wp-blog-header.php');
    ?>

Topic Closed

This topic has been closed to new replies.

About this Topic