Title: Malicious Hack Attack Last modified: August 30, 2016 --- # Malicious Hack Attack * [Frish](https://wordpress.org/support/users/frish/) * (@frish) * [10 years, 6 months ago](https://wordpress.org/support/topic/malicious-hack-attack/) * Hello, * My website, tima-ps.com, has been the target of a propaganda hack! They have interposed a page featuring a graphic & text over all of the pages on my site. I have visited the FAQ and plundered Google to the best of my ability, and here is the relevant information I have come up with: * My first clue appeared when I navigated to the login page, where you can see the code that has been used in the hack, [here is a screenshot ](http://tinypic.com/r/2n72pl5/8) * I did some research and it seems that I’m not the only one suffering from this attack, though I did not find any solutions mainly just news. * I have changed passwords to every connected account including the db, and disabled all plugins just in case. * I went through the site directory (via cPanel) and examined any file I thought may contain malicious code or reference to malicious code. I don’t feel that I’ve covered everything, or even know that I haven’t passed over some subtle clue but there is nothing glaring. Throughout this process I checked permissions to see if any were out of wack, and prioritized searches based on when the file was last updated. * Another resource I used was the log file, going through (mainly POST) entries to see if anything suspicious surfaced. * That’s all that comes to mind at the present, I’ll update as I go. If anybody has suggestions or solutions, please feel free to weigh in while I try and sort this out! Viewing 7 replies - 1 through 7 (of 7 total) * [divinest](https://wordpress.org/support/users/divinest/) * (@divinest) * [10 years, 6 months ago](https://wordpress.org/support/topic/malicious-hack-attack/#post-6621588) * Same here. My client’s site got hacked too this morning. [http://tinypic.com/r/2ag5g75/8](http://tinypic.com/r/2ag5g75/8) * Some idiots have nothing good to do. They hacked the IP addresses from 100.42.56.12 based somewhere in the US. * Hope you’re site is up now * Thread Starter [Frish](https://wordpress.org/support/users/frish/) * (@frish) * [10 years, 6 months ago](https://wordpress.org/support/topic/malicious-hack-attack/#post-6621590) * No such luck I’m afraid.. I’m hoping that once somebody finds the answer they will make it public. If I can find out where the source is then I’ll certainly post it here. Good luck! * [noideawhatimdoing](https://wordpress.org/support/users/noideawhatimdoing/) * (@noideawhatimdoing) * [10 years, 6 months ago](https://wordpress.org/support/topic/malicious-hack-attack/#post-6621679) * *sigh….me too. Exactly the same as you Frish. I went one step further & actually logged into my wp-admin. If I click on anything in updates it goes to a black screen with a message that reads HackeD By Matrix Dz & Gang Dz Dear Admin, This Was Not A Joke Or Dream, This is F____g Reality Free Hanza Bendelladj Greet’z to: **here it lists another 7 handles that I assume are other people I don’t like.** Contact Fb.com/Matrix.Dz.09 I currently have my web host resetting my site to before the hack. I assume this will only be a temporary fix. I know slightly less than nothing at all about the back side of my web page so am at a loss here. * [barnez](https://wordpress.org/support/users/pidengmor/) * (@pidengmor) * [10 years, 6 months ago](https://wordpress.org/support/topic/malicious-hack-attack/#post-6621682) * a) You will need to work carefully through this resource: [https://codex.wordpress.org/FAQ_My_site_was_hacked](https://codex.wordpress.org/FAQ_My_site_was_hacked) * b) And then once you site is clean work through this: [http://codex.wordpress.org/Hardening_WordPress](http://codex.wordpress.org/Hardening_WordPress) * You also have the alternative of restoring your site from a known clean backup of your site files and database (safely pre-hack) and then changing all your users names and passwords (WordPress/cPanel/database/FTP). This can be a much less painful process than cleaning the site if you have that good backup, although you would still be wise to do the hardening suggested in (b). * Good luck! * Thread Starter [Frish](https://wordpress.org/support/users/frish/) * (@frish) * [10 years, 6 months ago](https://wordpress.org/support/topic/malicious-hack-attack/#post-6621684) * I agree completely, barnez. * [noideawhatimdoing](https://wordpress.org/support/users/noideawhatimdoing/) * (@noideawhatimdoing) * [10 years, 6 months ago](https://wordpress.org/support/topic/malicious-hack-attack/#post-6621685) * Thanks Barnez, I have read through both your links and will give them a go – not sure that I will get everything right, there are some bits that make no sense at all! I have restore underway from a clean backup (being done by my hosting site) so will get cracking on the Hardening as soon as it’s done. * [barnez](https://wordpress.org/support/users/pidengmor/) * (@pidengmor) * [10 years, 6 months ago](https://wordpress.org/support/topic/malicious-hack-attack/#post-6621694) * > not sure that I will get everything right, there are some bits that make no > sense at all! * Just tackle what you can and make a note of what seems tricky. Lots of the advice relates to the `.htaccess` file which is very sensitive, but it’s also very powerful. Make sure you keep backup copies of every file you change, consider installing a plugin to take [daily/weekly backups](https://wordpress.org/plugins/backupwordpress/), and use the forum here if you get stuck. * Hope the restore works out. Viewing 7 replies - 1 through 7 (of 7 total) The topic ‘Malicious Hack Attack’ is closed to new replies. ## Tags * [malicious](https://wordpress.org/support/topic-tag/malicious/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 7 replies * 4 participants * Last reply from: [barnez](https://wordpress.org/support/users/pidengmor/) * Last activity: [10 years, 6 months ago](https://wordpress.org/support/topic/malicious-hack-attack/#post-6621694) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics