Blog “Hacked By GeNErAL”! How do I solve this?

  • webofsigns

    (@webofsigns)


    7 years, 2 months ago

    Hi, my site has been hacked, I think I should report this to WordPress? (I’ve also contacted my Web Host, waiting for a reply).

    I wrote two posts. Both posts have been hacked. I started using the Blog function some month ago. This site had been up for several years without any trouble until those two posts were created.

    The contents of the two blog posts were erased and titles were edited to ”Hacked by GeNErAL” and ”by w413XzY3”. (The featured images were intact, though).

    When I search the web, I find a lot of sites and images marked ”hacked by GeNErAL”.
    – Not very encouraging.

    I have of course contacted my web host (Binero in Sweden), waiting to see if they can give me a clue as to why this happened.

    Why was I hacked?
    – Was I too late in updating to WordPress 4.7.2? I did update today, on Feb 10th, when my client made me aware of the hacking. (Update arrived on Jan 26, right? Didn’t fit my ”work on websites schedule”, my bad, I know.).
    – All comments were closed for posts and I use Akismet (and ManageWP).

    How can I clean up my site?
    – Will install plugin Quttera or Wordfence, but will that do the trick? I’m not a programmer, so I hope for Magic here..!
    – I’ve erased the hacked posts and I will create new passwords everywhere.
    – Do I need to create new user names for admin and co-workers (we’re only 2)?

    What’s the best way to protect a site?
    – Is Jetpack any good for this?
    – I’ve read the WordPress FAQ “My site was hacked” but I guess I’m too panicked to fathom everything right now.

    (… Well, yes, it’s hard for a non-tech gal like me to find one of my sites has been hacked, after using WordPress for like 9 years. I build WordPress sites for clients and myself, but my strength is in creating content. Hope I don’t have to enlisten a technician for this, I always say that ”WordPress is so easy and secure”. Also, I hope someone will translate this important stuff into Swedish, because this tech lingo is hard enough as it is… 😉

    So happy I’ve been doing frequent backups. I’ve now set my site in Maintenance Mode, trying to clear my mind… Think I’ll redo the entire site from scratch, this is a bit scary.

    I found a topic here, started by @khurramar, but it was closed. Seems like I’m not the only one in trouble?

    So grateful for any insights on the subject! 😃

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator t-p

    (@t-p)

    7 years, 2 months ago

    – The Exploit Scanner plugin can help detect damage so that it can be cleaned up. Other things you should do:

    • Change passwords for all users, especially Administrators and Editors.
    • If you upload files to your site via FTP, change your FTP password.
    • Re-install the latest version of WordPress.
    • Make sure all of your plugins and themes are up-to-date.
    • Update your security keys.
    • See FAQ My Site Was Hacked.

    – When you’re done, you may want to implement some (if not all) of the recommended security measures.
    – If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you (e.g., Sucuri, Wordfence …).

    Thread Starter webofsigns

    (@webofsigns)

    7 years, 2 months ago

    Thank you so much for this quick reply! 🙂
    I will try the Exploit Scanner and follow all of your suggestions, will get back when I’m done, it’ll take a while 😉
    🙂 Louise

    Moderator t-p

    (@t-p)

    7 years, 2 months ago

    good luck!

    whitefirdesign

    (@whitefirdesign)

    7 years, 2 months ago

    It sounds like this relates to security vulnerability that existed in WordPress 4.7.0 and 4.7.1. If that is the case, reverting to a backup from before that started being exploited would be the easiest option to clear things up. The vulnerability was disclosed on February 1, so if you have a backup available from before then, that would be a good option to use. Changing the passwords associated with the website likely wouldn’t be necessary, but would be a good precautionary measure to take.

    The best way to protect against this type of thing is to make sure that automatic background updates are not disabled and are working properly, since with those working the website would have been updated to 4.7.2 when the update was released without requiring any user interaction and then the website couldn’t have been hacked through the vulnerability. If you haven’t disabled them, then getting in touch with the web host to work out why they are not working might help other customers at the same web host as well.

    Thread Starter webofsigns

    (@webofsigns)

    7 years, 2 months ago

    Thank you so much @whitefirdesign 🙂 !
    OK, I’ll try to revert to a backup from before February 1 and I will make sure I have automatic background updates in the future (I thought I had with ManageWP, but I’ll check). I will also alert my web host to this, if they’re not yet aware.

    – There’s so much in orbit around a website, exciting but slightly confusing at times.

    So grateful for your input!

    Ouch, I sure have some work cut out for me this weekend, guess it’s called Staying Alive!? 😉
    /Louise

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Blog “Hacked By GeNErAL”! How do I solve this?’ is closed to new replies.