Compromised site (3 posts)

  1. invictusbob
    Posted 4 years ago #

    For reasons which I now regret, I find myself managing a client's website to which some chaps in Mumbai added a WordPress blog about 18 months ago. I have no WordPress experience and, since the client said it was working fine, I did nothing other than take a database backup when I took over in February. (I learned how to do that in these forums - my first real use of phpMyAdmin.) They recently started having trouble - unable to insert images or links etc. I upgraded to the lates version whic fixed the problems for a week. I'm guessing it's malware of some sort as now, when going to the site, Norton blocks attacks from a variety of Russian Federation IP addresses. Also, the time stamps on (only) the html files on the whole site keep being updated despite me not uploading any changes.

    On investigating WordPress I found that the admin password was 'admin' and no secret keys had been setup. I've changed that but it hasn't fixed the problem. I've looked at the obvious files and can find nothing suspicious - but then I wouldn't expect it be obvious!

    What steps do you suggest I take to clear this up? Clutching at straws - this site is on a shared server with an ISP, what's the chance that the problem isn't within this site but on the server?



  2. Jackson
    Posted 4 years ago #

    You need a complete cleaning. You cannot assume the validity of any file present, start fresh from new downloads of WP, Plugins and Themes

    Here are some helpful resources


    You might want to run the site through here: http://sitecheck.sucuri.net/

    You may be surprised to see what the site is serving up to search engines.

    Good luck!

  3. invictusbob
    Posted 4 years ago #

    Thanks for that and the links. I'll take it very carefully!

Topic Closed

This topic has been closed to new replies.

About this Topic