my site hacked, could use more help... Thanks (7 posts)

  1. alison@alisonperry.net
    Posted 3 years ago #

    My wordpress site was hacked. I've done three things so far:

    At first I thought it was a simple script that duplicates as "pending posts" in my blog bar. Now I think it's more serious. The hacker disabled the Published Content "category" link where the pending posts are displayed... so that I can't delete it. His ad scripts keep duplicating.
    When I went to delete this category I saw I couldn't then changed the category to "hacker." He then let me know he was on my site by scrambling some of my content and deleting other content.

    I set up three security systems, deleted unused plugins, then quit the Foxfire browser I was using, opened Google Chrome did a search for my site: http://www.alisonperryart.com, clicked the url and was directed to this red flag window:

    This is probably not the site you are looking for!
    You attempted to reach http://www.alisonperryart.com, but instead you actually reached a server identifying itself as *.bluehost.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version ofwww.alisonperryart.com.
    You should not proceed, especially if you have never seen this warning before for this site.

    I updated all plugins and themes, then logged out of my site, then attempted to change my url login administrator password and got this message:

    The e-mail could not be sent.
    Possible reason: your host may have disabled the mail() function...


  2. Krishna
    Posted 3 years ago #

  3. stfox38
    Posted 3 years ago #

    Hi Allison,
    I just went to my infrequently used blog and found the title had been changed to "Hacked By Badi Fuck Ghassen Jebari" .
    Everything else seems to have been untouched. When I viewed the source I found that code had been inserted and php bloginfo('name') came out as shown. I suppose that I need to find where that php info is stored and change it, but I'm not sure where that is.
    Also, I have no idea if that is all that was done.
    I have two other sites on the same hosting site and neither of them was touched. It seemed to be just the WordPress blog.
    I hope someone will help us both out.
    Good luck


  4. stfox38
    Posted 3 years ago #

    Just checked back and saw the support links so I will try to see what happened and keep it from recurring.
    Meanwhile, I logged in as admin, deleted the blog name and replaced it with the correct name. That solved my problem and I don't know if there was any further intrusion or whether this was just thumb-your-nose prank.
    I hope it was that, but I'm going to try to harden my site just for drill.
    Good luck, Allison. I hope your troubles are just as small.

  5. alison@alisonperry.net
    Posted 3 years ago #

    Hi Stephen, Unfortunately Wordfence Security has locked me out of the site, so I can't get in to check that same code. I've requested feedback from them 3x today, still no reply.

  6. alison@alisonperry.net
    Posted 3 years ago #

    I'll contact BlueHost, see if they can get me in.

  7. bcworkz
    Posted 3 years ago #

    You should be able to disable security plugins by changing the folder name that contains the plugin using FTP. All plugin folders reside at wp-content/plugins/. Actually, you can view all the code on your site via FTP, and all database content can be viewed somehow through your hosting control panel, often something like "phpMyAdmin".

Topic Closed

This topic has been closed to new replies.

About this Topic