Title: Hack
Last modified: September 9, 2019

---

# Hack

 *  Resolved [keyvan21](https://wordpress.org/support/users/keyvan21/)
 * (@keyvan21)
 * [6 years, 9 months ago](https://wordpress.org/support/topic/hack-14/)
 * hello
    i open my website today, and see all of my pages redirect to deleted help
   me plz…! thanks
    -  This topic was modified 6 years, 9 months ago by [Jan Dembowski](https://wordpress.org/support/users/jdembowski/).

Viewing 6 replies - 46 through 51 (of 51 total)

[←](https://wordpress.org/support/topic/hack-14/page/3/?output_format=md) [1](https://wordpress.org/support/topic/hack-14/?output_format=md)
[2](https://wordpress.org/support/topic/hack-14/page/2/?output_format=md) [3](https://wordpress.org/support/topic/hack-14/page/3/?output_format=md)
4

 *  [marc77](https://wordpress.org/support/users/marc77/)
 * (@marc77)
 * [6 years, 9 months ago](https://wordpress.org/support/topic/hack-14/page/4/#post-11915231)
 * Please see my previous updates on page 3.
 * I checked the plugin for the “aam-media” parameter. There are only 2 files:
 * \core\Media.php
    \Shared\Manager.php
 * in Media.php is:
 * > protected function __construct() {
   >  $media = filter_input(INPUT_GET, ‘aam-media’);
   > $request = (is_numeric($media) ? urldecode(AAM_Core_Request::server(‘REQUEST_URI’)):
   > $media); $root = AAM_Core_Request::server(‘DOCUMENT_ROOT’);
   >  $this->request = str_replace(‘\\’, ‘/’, $root . $request);
   >  $this->request_uri
   > = preg_replace(‘/\?.*$/’, ”, $request); }
 * and in Manager.php is:
 * > //check Media Access if needed
   >  if (AAM_Core_Request::get(‘aam-media’)) { AAM_Core_Media::
   > bootstrap()->authorize(); }
 * could this INPUT_GET or AAM_Core_Request::get be the problem?
 * Because the first command in the access.log was
 * GET /wp-config.php?aam-media=1
    -  This reply was modified 6 years, 9 months ago by [marc77](https://wordpress.org/support/users/marc77/).
 *  [salvaramirez](https://wordpress.org/support/users/salvaramirez/)
 * (@salvaramirez)
 * [6 years, 9 months ago](https://wordpress.org/support/topic/hack-14/page/4/#post-11915249)
 * The only common plugin I have in all hacked sites and with other hacked users
   is AAM.
 *  [marc77](https://wordpress.org/support/users/marc77/)
 * (@marc77)
 * [6 years, 9 months ago](https://wordpress.org/support/topic/hack-14/page/4/#post-11915260)
 * I am pretty sure it is AAM. See my posts before.
 * Quick and dirty todo until its fixed:
 * block the IP Range in the httaccess
    + deactivate the plugin + rename the plugin
   folder + change all DB and WP Passwords
    -  This reply was modified 6 years, 9 months ago by [marc77](https://wordpress.org/support/users/marc77/).
 *  [Chris Castejon](https://wordpress.org/support/users/welovetech/)
 * (@welovetech)
 * [6 years, 9 months ago](https://wordpress.org/support/topic/hack-14/page/4/#post-11915273)
 * Same issue, i used updraft backups and update last version of AAM (5.9.9.1).
   
   I don’t know if it’s fixed but i noticed this : “5.9.9 : Fixed security vulnerability
   reported by “Props to Ov3rfly””
 * I checked my hacked database :
    INSERT INTO `wp_options` (`option_id`, `option_name`,`
   option_value`, `autoload`) VALUES (1, ‘siteurl’, ‘[https://js.wiilberedmodels.com/zls.js?foup&#8217](https://js.wiilberedmodels.com/zls.js?foup&#8217);,‘
   yes’), (2, ‘home’, ‘[https://js.wiilberedmodels.com/temps?tt=2&&#8217](https://js.wiilberedmodels.com/temps?tt=2&&#8217);,‘
   yes’),
 *  [maagaardweb](https://wordpress.org/support/users/maagaardweb/)
 * (@maagaardweb)
 * [6 years, 9 months ago](https://wordpress.org/support/topic/hack-14/page/4/#post-11915287)
 * [@marc77](https://wordpress.org/support/users/marc77/) To block IP I insert this
   into .htaccesss?
 * Order Deny,Allow
    Deny from 178.128.193 Deny from 50.63.162
 * Is this correct?
 *  Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/)
 * (@ipstenu)
 * 🏳️‍🌈 Advisor and Activist
 * [6 years, 9 months ago](https://wordpress.org/support/topic/hack-14/page/4/#post-11915333)
 * This post has gotten a bit out of hand so I’m closing this. It’s impossible to
   help people anymore.
 * AAM has been patched. If you’re using that, upgrade.
 * We recommend people make their OWN support posts to get help, as most issues 
   are not the same between users.

Viewing 6 replies - 46 through 51 (of 51 total)

[←](https://wordpress.org/support/topic/hack-14/page/3/?output_format=md) [1](https://wordpress.org/support/topic/hack-14/?output_format=md)
[2](https://wordpress.org/support/topic/hack-14/page/2/?output_format=md) [3](https://wordpress.org/support/topic/hack-14/page/3/?output_format=md)
4

The topic ‘Hack’ is closed to new replies.

## Tags

 * [wordprss](https://wordpress.org/support/topic-tag/wordprss/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 50 replies
 * 14 participants
 * Last reply from: [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/)
 * Last activity: [6 years, 9 months ago](https://wordpress.org/support/topic/hack-14/page/4/#post-11915333)
 * Status: resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics