WordPress.org

Support

Support » How-To and Troubleshooting » [Resolved] Has my blog been hijacked.

[Resolved] Has my blog been hijacked.

  • On Nov 25 I added two ads to my site that were recommended as traffic boosters. That is the only changes I made. Since that time, my traffic has dropped by 75%, and has almost the exact number of hits for the last 4 days. This is my .htaccess file. Does this look normal?

    ‘# BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress’

    I obviously am not well versed on these.

    Thanks

Viewing 15 replies - 1 through 15 (of 19 total)
  • mrkingid
    Participant

    @mrkingid

    the file is fine.

    buddha trance
    Member

    @buddha-trance

    Your .htaccess file looks normal.

    Did you consider the drop in traffic could be due to Thanksgiving weekend… though 75% seems a lot.

    Delete the ads immediately, to see if this makes a difference.

    i deleted the ads, now looking at other hack posts for issues

    the hack was launched before thanksgiving to make people think their traffic drop was due to the holidays.

    type your site into google. click it through google. does it redirect? it will work fine if you type it into your browser.

    then do everything in these links:

    http://www.getrichslowly.org/blog/20…sultsnet-hack/

    http://ocaoimh.ie/2008/06/08/did-you…te-get-hacked/

    and follow the steps in this thread too:

    http://wordpress.org/support/topic/168964?replies=45

    clean up your wp-blog-header.php, wp-info.txt, any files with odd extensions, an invisible user “wordpress” might have been created so check your database.

    also upgrade wp, change your passwords etc. file permissions may have been changed also.

    look at the rank for the site they are redirecting to.

    http://www.alexa.com/data/details/traffic_details/sattan.org

    my estimate hundreds of thousands of blogs have been hit.

    Bob, thanks for the tips. Hate to be slow, but how do i tell if it redirects? The site is ‘http://www.yourcruiseyourway.com’

    buddha trance
    Member

    @buddha-trance

    @gatorgse

    Bob mentions it in his reply “type your site into google. click it through google. does it redirect? it will work fine if you type it into your browser.”

    Buddha, thanks. I did that but it moves through kind of quick, and I’m not really sure what I’m looking at. Sorry to be a dunce 🙂

    all I see after yourcruiseyourway dowen the bottom is a google syndication thing which I have google ads on the site. I think that’s what that is ofr

    actually it doesn’t look like it’s redirecting right now. but it appears some other sites that i knew were affected aren’t either …?

    just to be sure also upgrade wp, change your passwords, clean up your wp-blog-header.php, delete wp-info.txt and any files with odd extensions, an invisible user “wordpress” might have been created so check your database.

    is all your traffic search traffic? you might have just simply lost some rankings.

    buddha trance
    Member

    @buddha-trance

    @gatorgse

    I just checked clicking on your site through Google and it doesn’t redirect to any other site. So you are fine in that respect.

    I would still read the links and follow the steps that Bob gave you above, just to be sure.

    Thanks Buddha. I think I may try the old database trick. Two of the three links above go to 404 pages. Thanks again for your assistance. It is MUCH appreciated

    Well, being a novice I have decided to pay GoDaddy $150 to restore me back to 11/23 which is 2 days before the dropoff in traffic. Hopefully that will do it. What a gut wrenching feeling when some a**hole comes along and steals a year’s worth of hrad worth for a few bucks. This serts me back 20 years in my progress of getting along with folks from around the world. Sad state (: Thanks to all who helped in this forum 🙂

    ultimately, that falls on you.

    heres the deal:

    http://74.125.95.132/search?q=cache:h43lkkG3b1EJ:www.yourcruiseyourway.com/resources/state-attorney-general-offices/+www.yourcruiseyourway.com&hl=en&ct=clnk&cd=2&gl=us

    thats a cached page from the 21st.

    and unless you did the snoopy fix without bumping your version.php you were one version behind right there.

    Keep up with upgrades. Its the best defense you have.

Viewing 15 replies - 1 through 15 (of 19 total)
  • The topic ‘[Resolved] Has my blog been hijacked.’ is closed to new replies.