Title: Anonboy hack Last modified: August 21, 2016 --- # Anonboy hack * [aerta](https://wordpress.org/support/users/aerta/) * (@aerta) * [12 years ago](https://wordpress.org/support/topic/anonboy-hack/) * Anyone have any experience of being hacked by Anonboy? He’s hacked five of my sites this week. He seems to enter the MySgl database and changes the UFT-8 charset to UFT-7. Then wreaks havoc on the site. * Any advice gratefully received. Viewing 6 replies - 1 through 6 (of 6 total) * [esmi](https://wordpress.org/support/users/esmi/) * (@esmi) * [12 years ago](https://wordpress.org/support/topic/anonboy-hack/#post-4863490) * You need to start working your way through these resources: [http://codex.wordpress.org/FAQ_My_site_was_hacked](http://codex.wordpress.org/FAQ_My_site_was_hacked) [http://wordpress.org/support/topic/268083#post-1065779](http://wordpress.org/support/topic/268083#post-1065779) [http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/](http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/) [http://ottopress.com/2009/hacked-wordpress-backdoors/](http://ottopress.com/2009/hacked-wordpress-backdoors/) * Anything less will probably result in the hacker walking straight back into your site again. * Additional Resources: [Hardening WordPress](http://codex.wordpress.org/Hardening_WordPress) [http://sitecheck.sucuri.net/scanner/](http://sitecheck.sucuri.net/scanner/) [http://www.unmaskparasites.com/](http://www.unmaskparasites.com/) [http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html](http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html) * [lapd](https://wordpress.org/support/users/lapd/) * (@lapd) * [12 years ago](https://wordpress.org/support/topic/anonboy-hack/#post-4863744) * Hi! * I am having the same problem on one of my sites … I can open the front page just fine, but when I click on any link or subpage I get a blank page saying hacked by anonboy. * I have cleaned up all the wordpress files and I am certain that there is something going on in the database, because I have tried to install the site with a fresh mysql and it worked. There is just some much custom things to repair that I would really like to restore/repair the original database somehow. * Anyone had the same problem and found a solution? * Thread Starter [aerta](https://wordpress.org/support/users/aerta/) * (@aerta) * [12 years ago](https://wordpress.org/support/topic/anonboy-hack/#post-4863745) * Hi, * Yes, I had five sites hacked by Anonboy. He’d accessed the server through insecure passwords (not mine) and proceeded to hack other WP sites on the same server. All my plugins and versions of WP were up-to-date. * The solution I found was to get my hosting company to reinstate the sites from their most recent backups (from a few days before). Some of these versions had been hacked but the hacking hadn’t taken full hold so they were able to strip out the bad code and restore the sites (apart from some widgets which I had to reinstate). * I then went into all my sites and changed the passwords and installed the ‘disable comments’ plugin – apparently Anonboy gains access to the database by going through comments. * Anonboy’s IP address is in Singapore. Not sure how he gets off on this but he clearly thinks he’s cool. * Good luck. * Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/) * (@jdembowski) * Forum Moderator and Brute Squad * [12 years ago](https://wordpress.org/support/topic/anonboy-hack/#post-4863746) * Just a side note. * > The solution I found was to get my hosting company to reinstate the sites from > their most recent backups (from a few days before). * Generally speaking, that doesn’t work… * If the attacker got in via compromised passwords, and your backup was 100% clean, and you’ve changed your passwords to something more secure THEN that could be a solution and I’m glad if that works for you. * But if the attacker got in via a weakness in the server config or an add-on such as a plugin then restoring the backup won’t do it for long. * [lapd](https://wordpress.org/support/users/lapd/) * (@lapd) * [12 years ago](https://wordpress.org/support/topic/anonboy-hack/#post-4863747) * OK, I have managed to get the backup and it works for now … we will see what happens 🙂 * Thanks! * Thread Starter [aerta](https://wordpress.org/support/users/aerta/) * (@aerta) * [12 years ago](https://wordpress.org/support/topic/anonboy-hack/#post-4863748) * Attacker got in via insecure passwords and compromised CHMOD permissions – someone else’s on the shared server. So far, reinstated backups, changed passwords and dodgy code stripped out seems to be working. Fingers crossed. Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘Anonboy hack’ is closed to new replies. * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 6 replies * 4 participants * Last reply from: [aerta](https://wordpress.org/support/users/aerta/) * Last activity: [12 years ago](https://wordpress.org/support/topic/anonboy-hack/#post-4863748) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics