WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Site Hacked, First Time (6 posts)

  1. verdipro
    Member
    Posted 2 years ago #

    I have quite a few wordpress sites. However, I have had my first hack on one of them. If you type the url directly in your browser you arrive at the correct web site. However if you click on the link from google or from another area, you go to a site that is not safe according to my AVG software & it is a completely incorrect url then my site.

    I checked my .htaccess file & there is definitely extra code in there that is causing the issue. I replaced the file & it fixed the site temporarily as I guess it was not as easy of a fix as I was hoping.

    Can anyone direct me to the next best steps to try? I have a backup, but is not recent. And I actually have no clue when the site was hacked since when I have been going to the url it comes up fine.

    Any help would be greatly appreciated.

  2. The Hack Repair Guy
    Member
    Posted 2 years ago #

    Hi,
    Good to hear you at least found a symptom of the hack. That's a good first step.

    1. Next, I recommend you contact your web host.
    If your web host maintains daily and weekly backups, hopefully they will be able to recover your website from prior to this event.

    Once they do so, you'll want to make sure all of your passwords are changed and likewise ensure all scripts on your site are updated.

    2. Web host has no back-ups
    Ok, so your web host has no backups (which is pretty much criminal in the hosting biz). If this is the case, you'll need to log into your website via FTP and start looking around for newly dated files, then work to remove any hacker code you find in them.

    3. After action?
    Well, once you clean things up it's time to start looking at future solutions. Proactive security is your friend.

    _x_ Check your scripts for version updates at least once a month.
    _x_ Only host with a web host who maintains "weekly" backups and who does not charge for backup recovery.
    _x_ Install Bulletproof Security and File Monitor Plus so you'll know when changes are made to your website (and it's free).
    _x_ Change your WordPress admin pass and FTP pass at least quarterly (mark your calendar).

    So these are the basics. You can do a lot more by only hosting with web hosts who make security their top priority (i.e., discuss security on their home page, etc.).

    Otherwise, I hope all goes well with you.

    Also, see the usual malware clearing how-to links:
    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/
    http://www.unmaskparasites.com/

  3. verdipro
    Member
    Posted 2 years ago #

    I appreciate your quick response to my issue. I will check on all of the above. I do have one extra issue. I have no idea when this happened as we started to hear about it a few days ago, but since I always typed the url in my browser we did not figure out the issue until today. Is there a way within a log file or something that I can check to see when this issue came about? Then I will be able to figure out which date of backups I should import.

  4. The Hack Repair Guy
    Member
    Posted 2 years ago #

    Ok, one trick here is to log into your File Manager or FTP software and sort the date column, so you can see the last modified date.

    That should tell you the last time the files were modified and give you a last date/time when the hacker did their worst.

  5. jexley
    Member
    Posted 2 years ago #

    If you do a quick cruise through the code, I bet you'll find some malicious code inside your PHP tags that checks for search engine referrals and then sends you to a site that downloads and installs an Exploit Pack.

    Google the crap out of all of that, and hopefully you'll find newer and better fixes than mine (which you should find too).

    Good luck to you. Don't forget to change ALL those passwords and keep an eye on the site's code!

  6. verdipro
    Member
    Posted 2 years ago #

    Thanks for all the replies & help. My hack issue is now resolved & all is back to normal.

Topic Closed

This topic has been closed to new replies.

About this Topic