My site has been hacked.
I have restored all files from backup
I have replaced the wordpress files with fresh ones
I can login to my WP admin and everything seems normal except the link to the site is bogus.
I have tried using the resources, but hitting dead ends.
It appears the database password may have changed, as I am unable to change it.
Something is preventing me from exporting my site using tools export in wp-admin
Go to your hosting control panel. It should have mySQL tools (often phpMyAdmin) to change DB passwords and save a copy of the DB. You can also move/copy your files about using the FTP app in cpanel or with a separate FTP client like Filezilla.
Thank you, Yes I know all of this. I can see the database in cpanel, but when trying to change the password to increase security it tells me my current password is wrong. Makes me believe someone hacked it and changed it. I am quite versed in FTP and can access the FTP files no problem, and can login via wp-admin. THe export function under tools in wordpress via wp-admin fail, IE it exports junk not the real files. But all efforts to remove the hack have failed, I conclude the problem must be in the database.
Go to http://revisium.com/aibo/, download Malicious Detector Tool and check your website. It supports several version of WordPress from 3.0 to 3.5.1. So it will bring you a list of shell scripts, malicious tools and code snippets, if any. To use just unzip archive and follow instruction from how to use.txt file.
DanMSchell, do you have ssh access to your website (server)?
You may want to request it from hosting support team. Having ssh is quite convenient for managing website. So I’d recommend to figure this out.
Once you get ip/login/pass you can use WinSCP5 free ftp/ssh client and Putty client to connect to server via SSH. Then upload ai-bolit.php files from archive, open a command line and run
Once report is created you need to go though all marked red. They will point you malicious or suspicious code within your wordpress. It can detect major set of hacking software with 90% probability.
Another approach is to get full backup of your website and check it locally. If you’re using Windows OS, then just install php on Windows (you can download it from windows.php.net).
Let me know if you’ve got questions.
Viewing 11 replies - 1 through 11 (of 11 total)
The topic ‘Hacked by iRaQi H4ck email@example.com’ is closed to new replies.