WordPress.org

Forums

[resolved] Please can someone explain me what has been done of my website !!????? (24 posts)

  1. ianmallet
    Member
    Posted 3 years ago #

    This is the image of what I see on my website !!

    This is the thing which I see on my wordpress website, which boasts components like "Bruteforce" and "String tools" and "Self remove" which makes me fear everytime I open the website

    Has my website been taken over by some hacker or something??

    Please if anyone can provide me with steps to get back my steps or throw some light over this thing it'll be really very helpful

    I'm ready to read stuff and perform things myself, but the thing is I'm unable to find anything on search engines even and yeah I'm not a google-dork

    God give you great heavens !!!

  2. esmi
    Forum Moderator
    Posted 3 years ago #

    Site url?

  3. alchymyth
    Forum Moderator
    Posted 3 years ago #

    I accidentally removed the image link - can you repost it?

  4. ianmallet
    Member
    Posted 3 years ago #

    Yes sure this is the link "http://i43.tinypic.com/qps9.png"

  5. esmi
    Forum Moderator
    Posted 3 years ago #

    No - can you actually post the url (address) of your site?

  6. ianmallet
    Member
    Posted 3 years ago #

    I can even provide couple of screenshots, but actually pasting the website's link will be very very dangerous for me as there are a lot of options that could really screw up my website

  7. ianmallet
    Member
    Posted 3 years ago #

    If only someone could provide me with some kind of content that I could read and solve out myself, I'd really appreciate that

  8. esmi
    Forum Moderator
    Posted 3 years ago #

    pasting the website's link will be very very dangerous for me as there are a lot of options that could really screw up my website

    Uh? All we're asking for is the address of your site. We can't access your Admin area.

  9. ianmallet
    Member
    Posted 3 years ago #

    No the index of my website shows up all this, it isn't about the admin area, even then I can provide you with access to the same content..please just let me transfer it all to my demo servers

    It will take an hour or something, I'll get back once I upload the complete content onto a different server making sure things are backed up

    I'm not being rude, I just want to ensure the security for my website

  10. esmi
    Forum Moderator
    Posted 3 years ago #

    Do you intend anyone to be able to view your site? Because that is all we are asking.

  11. ianmallet
    Member
    Posted 3 years ago #

    Yes for sure, I'm currently mirroring my primary website to one of my demo server, I'll just get back within 30 minutes or something

  12. ianmallet
    Member
    Posted 3 years ago #

    I found a user which has the same problem as mine and he has better described the problem.

    Unfortunately, when I mirror my website, it shows up correctly, at least for now, though there are some layouts and links which have gone missing, and that can be easily corrected by me

    If anyone can describe this problem as how it occurs and where should i accurately read all about it, it'd be a great help

    This is the link where the same problem has been faced Stack overflow Error wordpress

  13. esmi
    Forum Moderator
    Posted 3 years ago #

    If you cannot/will not post a link to your site, then we cannot really help you.

  14. ianmallet
    Member
    Posted 3 years ago #

    [Link removed]

    One of my demo server:

    This is the link of my website mirrored which now shows up the stuff which I was talking about

    I'm actually confused as the my website didn't show up anything before just a few minutes

    PLEASE DO NOT CLICK OR TRY TO USE THE "SELF REMOVE" AS I'M SURE THAT WILL BRING INAPPRECIABLE RESULTS FOR ME

    I'm really worried about it

  15. esmi
    Forum Moderator
    Posted 3 years ago #

  16. ianmallet
    Member
    Posted 3 years ago #

    The sucuri scanner says it's a javascript malware and though I'm not a very advanced programmer, but I observed that the website does not take me on any page..it just rolls on the index

    What can I replace at the core to get the website up?

    Thank you for the links, but can you please add something more to it, these are just some preventive measures that could have been taken while my site was breathing easy, but as of now I don't think it'll really help very much

  17. esmi
    Forum Moderator
    Posted 3 years ago #

    Now try actually reading some of the pages at those links. They are not preventive measures. They explain how to clean a hack out of your site.

  18. ianmallet
    Member
    Posted 3 years ago #

    There was some nasty code hidden in the plugins, though I haven't yet found what plugin contained the code, I just renamed the plugins folder and it went away, all of it !!

    Thanks buddy, great help !!

    I'll just install each plugin again and this time I'l take care I only install standard plugins and not from free filehosting websites...probably that was the cause of it

  19. esmi
    Forum Moderator
    Posted 3 years ago #

    I'l take care I only install standard plugins and not from free filehosting website

    Amen to that! :-)

  20. ianmallet
    Member
    Posted 3 years ago #

    I'm sure this is over, but I just wanted to bring out the cause which is very surprising for me, I just tried renaming each plugin's folder individually and shockingly it comes out to be akismet !!!

    Yes i've used the same API key everywhere, on my local system, and on my multiple websites, but I didn't download the source, the plugin was just there when worpress was installed which obviously you know well.

    Strange, maybe the hack requires akismet to compile itself, that's a bad idea, I know.

  21. esmi
    Forum Moderator
    Posted 3 years ago #

    it comes out to be akismet

    Sorry but it will not be an issue with the original Akismet plugin. Either it's another plugin, the hack was elsewhere or the plugin's files have been compromised by a hacker post-install.

  22. ianmallet
    Member
    Posted 3 years ago #

    I found that the original akismet.php in the akismet folder had been compromised, I don't know how, but it was because I took it on my local server and when I tried to run the akismet.php it all loaded up !!

    http://pastebin.com/CrbRZt2E this small file of 23 KB made my day :D

    Pheew..I'm so relieved and happy finally !!!!!!!

  23. I really don't want to rain on your parade. But unless you delouse and close the doors that that attacker got in via, you're going to have a repeat of this again.

    If you haven't done so already, please go through those links Esmi provided you above.

  24. ianmallet
    Member
    Posted 3 years ago #

    Yes sure, I've tightened the security in every possible manner and I thank Esmi and you people for helping me out !!

Topic Closed

This topic has been closed to new replies.

About this Topic