How to clean hacked WP

Resolved po5i
(@po5i)

14 years, 7 months ago

Hello, mi site is http://www.kendoguayas.com, recently go hacked (I think it was because of ftp), so they changed a lot of index.php files and others.

I think I clean all of them, always did it the same way and at the end I can finally navigate my site, but now I cant.

After the google/firefox advice, I got a website without css and when I tried to load the css manually or click any link I got redirect to a malware windowsprotection-5.com site.

I can’t find where this redirection is.

Has anyone gone through this before?

Thanks

Viewing 6 replies - 1 through 6 (of 6 total)

iridiax
(@iridiax)

14 years, 7 months ago

If you have an .htaccess file, check it for any weird redirects. Also see:

http://codex.wordpress.org/FAQ_My_site_was_hacked

The hacked files could be anywhere on your site, not just in WordPress. Databases can also be compromised. Also check your home computer.

Thread Starter po5i
(@po5i)

14 years, 7 months ago

Just checked all that.. Even I replace a functional 2.8 site (without wp-content) with default template and even can’t display the /wp-admin login correctly.

When I look in firebug in the head css, it said that css couldn’t load.

Also look in the database, removed a iframes but still have the problem

I dont know what to do…

Thread Starter po5i
(@po5i)

14 years, 7 months ago

Even I rename the directory, create one with the same name and upload a new wordpress pointing to a empty database… the installation goes without loading the css.

I officialy worried…

UseShots
(@useshots)

14 years, 7 months ago

Hi,

Unfortunately your site is still hacked. It redirects search engine traffic to “bad” sites.

Here you can see the redirects
http://www.UnmaskParasites.com/security-report/?page=www.kendoguayas.com

It happens when hackers modify your .htaccess file.

You should remove malicious redirect rules from your .htaccess file.
Your FTP credentials have been stolen. So scan your computer for malware.
Then change site passwords and refrain from saving them in your FTP programs (of course if you don’t want reinfection).
Finally request a malware review via Google’s Webmaster Tools. Your site is currently blacklisted by Google and web browsers like Firefox, Safari and Google Chrome
http://www.google.com/safebrowsing/diagnostic?site=www.kendoguayas.com

P.S. Upgrade Abobe Acrobat, Flash and Java on your computer – older versions are vulnerable.

whooami
(@whooami)

14 years, 7 months ago

I dont know what to do…

do it again.

http://wordpress.org/support/topic/267398?replies=8

Thread Starter po5i
(@po5i)

14 years, 7 months ago

Thanks!! It was a .htaccess in the root folder of my hosting…

I also changed the password of the ftp and chmod 444 to my scripts.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘How to clean hacked WP’ is closed to new replies.

How to clean hacked WP

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics