Blog hacked, host said to upgrade, lost all posts

  • Resolved cowgirljules

    (@cowgirljules)


    15 years, 4 months ago

    Hi, I hope you all can be forgiving of my technical incompetence. I got an email from Dreamhost today stating that, “We have received a complaint of outbound DoS attack activity from your
    webserver which we’ve traced back to hacked scripts/processes running
    under your domain, here:

    cowgirljules/cowgirljules.com/wp-content/themes/remv.php

    The above-noted file has been deleted, but there may be more hacked files
    that you need to find and remove. The file appears to have been uploaded
    via an exploit of some sort, likely in the outdated Version of WordPress
    you have installed under this domain.

    $wp_version = ‘2.0.3’;
    (Note: The current version available on WordPress.org is 2.6.5 and
    contains many security updates since your version.)

    To keep your site and the server secure I have disabled the domain by
    renaming the domain directory to end in “_DISABLED..” — please do NOT
    reinstate the domain until you have thoroughly executed the instructions
    at the below wiki article:

    http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites
    For this type of hack, the “CGI Hack” and “Cleaning Up” sections are most
    important. Please note that if you do not secure the site fully it will
    result in the domain being hacked again, further illegal activity
    occurring, and the domain (or possibly the account) being closed again,
    so your thorough attention to this matter is appreciated.”

    I’m not very technically competent, so I tried to do what they said. I managed to get to my database, but I had no idea what was supposed to be there and what wasn’t. I made a backup of the database from their control panel, so now there seemed to be doubles of everything.

    They said I had to upgrade WP to the latest and directed me to their one-click install page. After three tries, (the first two said my site didn’t exist, and therefore couldn’t be upgraded) I finally got the upgrade to work. However, this was the first time I could get in to either my site or my admin panel, and I was horrified to see that everything was lost. I know it all still exists somewhere and I don’t mind finding a new theme and farting around with plugins, but I’d really like to have my content back in contact with my site. Incidentally, this was also when they stopped responding to emails.

    Can anyone help me in very simple language, or am I completely hosed? I really hate to lose five year’s of work and it’s brought me to tears a couple of times. I’m afraid to mess more stuff up.

    Thank you,

    Jules

Viewing 11 replies - 1 through 11 (of 11 total)
  • Mark Jaquith

    (@markjaquith)

    15 years, 4 months ago

    Your info is likely not lost. Probably your new WP install is pointing to a new database, and you just need to find the Database Name, Database User, and Password for your old setup. Your host should be able to find this information for you (though if you don’t know the database password, it’ll have to be reset). Once you have this information, you’ll edit the wp-config.php file in your WordPress install and put that information in, reconnecting your new, clean WordPress files with your old WordPress database.

    Thread Starter cowgirljules

    (@cowgirljules)

    15 years, 4 months ago

    I know the database name, user, and password, but I don’t know how to find or edit the wp-config.php file. I did some searching in the database and here. I didn’t download anything to my computer and then upload it, so I don’t have any text files to look at. I used their “one click.” How do I find this file?

    Thread Starter cowgirljules

    (@cowgirljules)

    15 years, 4 months ago

    I’m not trying to bump, I got a response from Dreamhost:

    You need to compare the database configuration file settings between your
    old, disabled version and your newly-installed version:

    /home/cowgirljules/cowgirljules.com/wp-config.php
    /home/cowgirljules/cowgirljules.com_DISABLED_FOR_EXPLOIT__CONTACT_DREAMHO
    ST/wp-config.php

    It looks like the primary difference is the old version you had the
    table_prefix variable:
    $table_prefix = ‘wp_’;

    In the new installation you have:
    $table_prefix = ‘wp_35rcwy_’;

    So your new installation is looking at the wrong tables. Your old data
    is still in the tables with the “wp_” prefix. You should check the
    documentation/forum available at WordPress.org if you need assistance
    figuring out how change this setting.

    So they’re throwing me on your mercy. I do need help; this might as well be Greek to me.

    Thanks

    Mark Cahill

    (@lagmeister)

    15 years, 4 months ago

    In the new config file, change the table prefix line to read “wp_” and it should work.

    look for wp-config.php and you’ll find a line that says

    // You can have multiple installations in one database if you give each a unique prefix
    $table_prefix = ‘wp_’; // Only numbers, letters, and underscores please!

    And that is what it should read…

    Thread Starter cowgirljules

    (@cowgirljules)

    15 years, 4 months ago

    Thank you, but I don’t know how to find my config file or to upload it if I change it.

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    15 years, 4 months ago

    Can you see the files on your site? Can you FTP to your site?

    The wp-config.php file. Edit it with a text editor. You may need to download it first. You may need to upload it afterwards.

    There is a certain minimum level of capability needed to be able to run a website, and editing text files on that website is kinda sorta one of those things you need to be able to figure out how to do.

    Read this: FTP Clients

    Thread Starter cowgirljules

    (@cowgirljules)

    15 years, 4 months ago

    No, I’ve been trying for two days now to FTP to my site, and I haven’t been able to. I downloaded WP and got into the config file with a text editor, but I’m lost.

    All I’m trying to do is blog, and I did that on WP sucessfully for several years. I’m not trying to be a webmaster or anything. If I could find a consultant, I’d happily throw money at the problem, but I haven’t been able to find that either.

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    15 years, 4 months ago

    Email me your login details and such and I’ll see what I can do.

    otto@ottodestruct.com

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    15 years, 4 months ago

    We got it fixed. Her site (DreamHost) happens to require SFTP instead of just FTP. Once that was worked out, it was just a matter of moving files around a bit and editing the config to fix the table prefix.

    webmistressofthedark

    (@webmistressofthedark)

    15 years ago

    OK run this by me again?

    After a fresh install of WP, how do I adjust the password on the database?

    Can I just change it in Cpanel and then adjust my config file and it will work?

    I can’t lose all this info which I have gotten a backup of.

    webmistressofthedark

    (@webmistressofthedark)

    15 years ago

    I’m all set but the coders should know that I had the remv.php file on v2.5, and had NO comments or registration open and was still hacked.

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘Blog hacked, host said to upgrade, lost all posts’ is closed to new replies.