Hacked by ghost-dz Algerian Hacker (3 posts)

  1. ramiro100
    Posted 4 years ago #


    I hope someone can help me.

    the page 404.php from All my sites are hacked and change passwords and also admin user by the "admin" defaul user.

    I don't know what is the problem, I updated de WP system the themes, etc.
    But is hacked again.

    Any help would apreciated because I'm desesperate.


  2. Andrew Bartel
    Posted 4 years ago #

    You have manual access to the database through something like phpmyadmin through your hosting provider yea?

    Find your admin username, change the password to whatever you want (you won't be able to log in with this because the passwords are hashed), change the email back to yours and run password recovery when trying to login.

    Then choose a long, complex, secure password this time.

  3. MickeyRoush
    Posted 4 years ago #

    Since I'm not sure what resources you've already used, I've compiled an organized list of links here so that you won't have to scour the web. Some may not be necessary and some you may have already followed through. You'll just have to work your way through them.

    Check your site(s) here:
    1. http://sitecheck.sucuri.net/scanner/
    2. http://www.unmaskparasites.com/
    3. http://www.virustotal.com/
    4. http://www.phishtank.com/
    5. http://www.browserdefender.com/
    6. http://ismyblogworking.com/
    7. Google Safe Browsing (to access a site's google info, add their domain to the end of this):

    Backup everything and put that backup somewhere safe. This is in case you have problems later on. Even though you could be backing up infected files, it is more important to have a backup up of your work, for if you make a mistake cleaning your site, you will still have the backup(s).
    1. http://codex.wordpress.org/WordPress_Backups
    2. http://codex.wordpress.org/Backing_Up_Your_Database
    3. http://codex.wordpress.org/Restoring_Your_Database_From_Backup

    Then read these:
    1. http://codex.wordpress.org/FAQ_My_site_was_hacked
    2. http://wordpress.org/support/topic/268083#post-1065779
    3. http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    4. http://ottopress.com/2009/hacked-wordpress-backdoors/
    5. http://wpmu.org/why-you-should-never-search-for-free-wordpress-themes-in-google-or-anywhere-else/
    6. http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

    If you have indications of possible timthumb hacking, please read these:
    1. http://blog.sucuri.net/2011/08/timthumb-php-security-vulnerability-just-the-tip-of-the-iceberg.html
    2. http://markmaunder.com/2011/08/02/technical-details-and-scripts-of-the-wordpress-timthumb-php-hack/
    3. http://www.wpbeginner.com/wp-tutorials/how-to-fix-and-cleanup-the-timthumb-hack-in-wordpress/
    4. http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/

    Once your site is clean, then read this:
    1. http://codex.wordpress.org/Hardening_WordPress
    2. http://codex.wordpress.org/htaccess_for_subdirectories
    3. http://www.studiopress.com/tips/wordpress-site-security.htm

    If you believe your personal computer (not your host server) is infected please read these:
    1. MajorGeeks.com malware removal:
    2. MajorGeeks.com how to protect yourself from malware:

Topic Closed

This topic has been closed to new replies.

About this Topic