Hacked by Hacker: Semi Fix but help needed (5 posts)

  1. nkosazana
    Posted 3 years ago #

    My websites and client websites were hacked yesterday, 16 December 2012. It only showed 'hacked by hacker' on the home page and I couldn't access the admin.

    The following files were compromised and I restored them from my backup:

    header.php in my theme
    index.php in my theme
    index.php in the main folder
    .htaccess in the main folder

    (I am using 'Responsive' child theme by the way)

    My site shows again but I can't access the admin login form. Some of my text widgets are displaying default text rather than my own content, and my CSS file seems to be modified as well. The 'WP site-name' PHP shortcodes also seem to be corrupted, as it no longer shows 'Copyright 2012 MY SITE NAME', but shows "© 2012 +ADw-/title+AD4-hacked by hacker+ADw-DIV style+AD0AIg-DISPLAY: none+ACIAPgA8-xmp+AD4"

    cPanel shows the IP address and referring url of the hackers:

    It corresponds to the file modification dates. The above link shows my site however... I've blocked them with cPanel; you should probably do the same. I also updated WP via cPanel on one of my sites, but everything is not back to normal.

    I have a backed-up version of my site on my computer. I may ask my host to reset my server and then upload the backed-up version and change all passwords and install plugins.

    So annoying! These guys are losers.

    Hope this helps anyone in the same situation. Anyone been able to restore their sites completely? Please share with us how you did it.

  2. kwestfehling
    Posted 3 years ago #

    Hi. Did you get a fix for this at all? I have the same problem, and I see you did not get any response to this post.

    Please let me know. [moderated] Thanks

  3. Mark Ratledge
    Forum Moderator
    Posted 3 years ago #

    @kwestfehling: Work your way through these resources and follow all instructions to completely clean your site or you may be hacked again. See:

    FAQ: My site was hacked « WordPress Codex
    How to completely clean your hacked wordpress installation
    How to find a backdoor in a hacked WordPress
    Hardening WordPress « WordPress Codex

    Change all passwords. Scan your own PC. Use http://sitecheck.sucuri.net/ before and after.

    Tell your web host you got hacked; and consider changing to a more secure host: Recommended WordPress Web Hosting

  4. kwestfehling
    Posted 3 years ago #

    Thanks for the info.

    First off, I did a site scan using http://sitecheck.sucuri.net/ and it says I don't have malware and there are no threats found.
    I however do, my site has been hacked by Hacked By VIRTUAL+ADw-/title+AD4.

    http://www.web-development.co.za is my url.

    Please help me, I am in desperate need to fix this ASAP. Thank you in advance.
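
The `+ADw-/title+AD4-` strings quoted in posts 1 and 4 are UTF-7 shift sequences that decode to HTML markup. The check below is an added example, not part of the original thread: it finds such runs in stored text (site title, widget content) and shows what they decode to. The sample dictionary and its key names are constructed for illustration.

```python
import re

# A UTF-7 shift sequence: '+', modified-base64 characters, optional '-'.
# Requiring three or more base64 characters (one UTF-16 code unit) avoids
# matching ordinary text such as "10+20".
SHIFT_RUN = re.compile(r"\+[A-Za-z0-9/]{3,}-?")

# Characters that change meaning once the value is rendered as HTML.
MARKUP = set("<>\"'=&")


def decode_run(run: str) -> str:
    """Decode one shift sequence, e.g. '+ADw-' -> '<'."""
    return run.encode("ascii").decode("utf-7", errors="replace")


def decode_utf7_runs(value: str) -> str:
    """Decode only the shift sequences; all other text is left untouched."""
    return SHIFT_RUN.sub(lambda m: decode_run(m.group()), value)


def hides_markup(value: str) -> bool:
    """True if any shift sequence in the value decodes to HTML markup."""
    return any(MARKUP & set(decode_run(m.group()))
               for m in SHIFT_RUN.finditer(value))


def scan(values: dict) -> dict:
    """Map each suspicious entry's name to its decoded text."""
    return {name: decode_utf7_runs(text)
            for name, text in values.items() if hides_markup(text)}


# Constructed sample: key names are hypothetical; the two flagged strings
# are the ones quoted in the thread.
SAMPLE = {
    "site_title": "+ADw-/title+AD4-hacked by hacker+ADw-DIV style+AD0AIg-"
                  "DISPLAY: none+ACIAPgA8-xmp+AD4",
    "footer_text": "Hacked By VIRTUAL+ADw-/title+AD4",
    "text_widget": "Copyright 2012 MY SITE NAME, prices from 10+20 EUR",
}

if __name__ == "__main__":
    for name, decoded in scan(SAMPLE).items():
        print(f"{name}: {decoded}")
```

Run it over an export of the site's stored text values; any entry it reports should be restored from a known-good backup, and the site's configured character set should be checked as well.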

  5. kwestfehling
    Posted 3 years ago #

    Hi again. How do I find out when my site was hacked so that I know when to restore a backup?
    Also, do I just delete and replace the contents of the public_html folder or do I need to also do something else?

Topic Closed

This topic has been closed to new replies.