Title: Hacked – Twice Last modified: August 18, 2016 --- # Hacked – Twice * [mac1205](https://wordpress.org/support/users/mac1205/) * (@mac1205) * [18 years, 9 months ago](https://wordpress.org/support/topic/hacked-twice/) * Recently on two of my sites I have been hacked. world-importing and another ( one which isn’t even “released” yet). the world-importing.com website has now been upgraded and all files deleted and re-uploaded . Though I believe the issue should be fixed it’s not. visit world-importing.com and it still attempts to redirect to the hackers website. My knowledge of coding is pretty limited so all my attempts at searching through each file for a line with a redirect script to the website has been futile and seeing as i reuploaded all the files it can’t be from there. * I really don’t know where to go and if people could re-iterate exactly what files need to have permissions and what not that would be useful for me once this problem is solved. * This is becoming increasingly frustrating… another question is that I think someone is posting my websites on hacking forums/newsgroups to get revenge . Hence the 4 attacks in a short space of time. Is there anyway I could verify this or find out why all of a sudden the hackers are trying to get at me… All help is appreciated, greatly. Viewing 11 replies - 1 through 11 (of 11 total) * Thread Starter [mac1205](https://wordpress.org/support/users/mac1205/) * (@mac1205) * [18 years, 9 months ago](https://wordpress.org/support/topic/hacked-twice/#post-599523) * To further this , I have just found that nothing has changed since the deleting/ uploading of the new files/ upgrade. Today/Tomorrow are very important days for my blog with information regarding legal action against the site being shown to readers as well as an updated skin/site expansion. I feel extremly downheartened. * [whooami](https://wordpress.org/support/users/whooami/) * (@whooami) * [18 years, 9 months ago](https://wordpress.org/support/topic/hacked-twice/#post-599524) * _Though I believe the issue should be fixed it’s not._ _ My knowledge of coding is pretty limited so all my attempts at searching through each file for a line with a redirect script to the website has been futile and seeing as i reuploaded all the files it can’t be from there. * you would be surprised where ppl hide things. I found malicious code in a guys wp-settings.php, once .. They also like to use javascript encoding to hide things. * If you want, zip up **all** of your WordPress files, including the config, (you can xxx out anything that you dont want me to see) and I’ll happily find the ‘ evil code’ for you. * send it off in a **zip** to : * whoo AT (remove all of this please) village-idiot.org * [Dgold](https://wordpress.org/support/users/dgold/) * (@dgold) * [18 years, 9 months ago](https://wordpress.org/support/topic/hacked-twice/#post-599532) * that is awesome whooami I don’t know how you do it but that is neat if you can find it like that * good luck MacNumbers * p.s. from what I’ve been told you need the permissions (chmod) 644 on files, others can tell you more, also check the Codex under “Hardening WordPress” * [whooami](https://wordpress.org/support/users/whooami/) * (@whooami) * [18 years, 9 months ago](https://wordpress.org/support/topic/hacked-twice/#post-599536) * Check your e-mail Mike .. its in your database.. * you will need to find that link, its been added to your blogroll. * then you need to change ALL your passwords * then you need to upgrade to 2.2.1 * 2.1.x is not a secure version of WP to be using * I’m off for a while but if you need anything just give me a shout. * [whooami](https://wordpress.org/support/users/whooami/) * (@whooami) * [18 years, 9 months ago](https://wordpress.org/support/topic/hacked-twice/#post-599537) * actually, scratch that, I fixed it for you.. * this is what I did: * your main page redirects, so what you do is go straight to your wp-login.php .. * I logged in, went into your blogroll and deleted the link. * See image here: * [http://www.village-idiot.org/broke/mike.gif](http://www.village-idiot.org/broke/mike.gif) * now, I also noticed that that says your running 2.2.1 however the version.php that I saw in your rar said you running 2.1.3 * I hope that you are doing the upgrade and thats why I see a different version 🙂 * Thread Starter [mac1205](https://wordpress.org/support/users/mac1205/) * (@mac1205) * [18 years, 9 months ago](https://wordpress.org/support/topic/hacked-twice/#post-599586) * Hey , Just emailed you and the problem isn’t really solved. Some of the links in my admin still redirect to the hackers page . I can’t seem to find any code in the actual files . * Regards and thanks alot for helping. * [cornell_finch](https://wordpress.org/support/users/cornell_finch/) * (@cornell_finch) * [18 years, 9 months ago](https://wordpress.org/support/topic/hacked-twice/#post-599587) * Did you upgrade all your files to 2.2.1 as Whooami suggested in a previous post? * Replacing all the files will reset the settings in your admin to their default locations. * Did you also change all your passwords (including your FTP one)? * Thread Starter [mac1205](https://wordpress.org/support/users/mac1205/) * (@mac1205) * [18 years, 9 months ago](https://wordpress.org/support/topic/hacked-twice/#post-599589) * Yes I did. It hasnt been rehacked this is from yesterday . It’s when I click on Users in the admin panel , it loads the page and redirects it straight after to the hackers page. I think they have inserted something into the database… * I have also found out how they got access. Via the upload folder perhaps the permissions weren’t set correctly. … This is so stressful. * Thread Starter [mac1205](https://wordpress.org/support/users/mac1205/) * (@mac1205) * [18 years, 9 months ago](https://wordpress.org/support/topic/hacked-twice/#post-599591) * Pffffffffffffff. Finally got access to mysql and sorted out all the redirection scripts he had inserted into the database. thanks everyone for the help you have given me. * I now need to know exactly what folders need permissions and which ones dont. * Regards Mike * [whooami](https://wordpress.org/support/users/whooami/) * (@whooami) * [18 years, 9 months ago](https://wordpress.org/support/topic/hacked-twice/#post-599595) * _I now need to know exactly what folders need permissions and which ones dont._ * safe (for the most part) and sane: * directories: 755 files: 644 * that WILL prevent you from using the inline uploader and the theme editor. * [MrBig](https://wordpress.org/support/users/mrbig/) * (@mrbig) * [18 years, 9 months ago](https://wordpress.org/support/topic/hacked-twice/#post-599687) * i had the same problem then i crated a new MSQL User and deleted the old one. Viewing 11 replies - 1 through 11 (of 11 total) The topic ‘Hacked – Twice’ is closed to new replies. ## Tags * [hacked](https://wordpress.org/support/topic-tag/hacked/) * [Hackers](https://wordpress.org/support/topic-tag/hackers/) * [hacking](https://wordpress.org/support/topic-tag/hacking/) * [redirect](https://wordpress.org/support/topic-tag/redirect/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 11 replies * 5 participants * Last reply from: [MrBig](https://wordpress.org/support/users/mrbig/) * Last activity: [18 years, 9 months ago](https://wordpress.org/support/topic/hacked-twice/#post-599687) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics