Support » Fixing WordPress » site got hacked! now trying to restore it

  • hello,
    my site got hacked a week ago, and now i’m trying to restore it.
    yesterday i manage to upgrade to WP2.6.2 but now i get these errors inside the admin:

      Warning: is_dir(): Stat failed for /hsphere/local/home/moisasco/ (errno=13 – Permission denied) in /hsphere/local/home/moisasco/ on line 140

    and i have three small questions regarding this:

    1. the hackers manage to created a index.html file (with their message) inside the root of the server. i have deleted that file, do i need to create a new index.html that links to WordPress content?
    2. i also realize that there is a hidden file on the root called “.wxprd” created on the day of the hacking. should i delete this?
    3. i am not sure if i should delete everything inside WordPress folder and then re-build my site using “wordpress.2008-10-20.xml” of saved post and pages?

    Thanks very much for your attention, i’m at this point which i’m not sure what is happening inside is easily solved or if i need to re-install everything.
    Best regards,

Viewing 5 replies - 1 through 5 (of 5 total)
  • If your site was hacked, my best advice would be to wipe everything and reinstall from your backups. You might catch one file here and there, but they might have added lines to your database or external calls in legitimate files as well. I’d recommend restoring your backup and then immediately upgrading to the latest version of WP just to be safe … and changing your and all of your other users’ passwords right after.

    thanks for you advice ericmann.
    i’m going to follow it and try to restore my local backup.
    i appreciate your input, best regards,

    something strange happen again (strange to me cause i’m a newbie for sure!):

    • yesterday i upgraded to WordPress 2.6.2 and nothing changed (still had errors on control panel, no theme linkage and plugins were all missing)
    • today i went back to and suddenly the site was on! then i changed the theme from default to the custom grid-focus and now all (on the skin) is working just fine…
    • so as for now, no more errors on the WordPress control panel, but plugins are still reading all errors:
    • Warning: is_dir():
      Stat failed for /hsphere/local/home/moisasco/ (errno=13 – Permission denied) in /hsphere/local/home/moisasco/ on line 53

    i understood there must be a lot of corrupt files and i don’t know how to solve the plugin issue.
    so i guess i really have to revert to backup (even if that one is more than a month old)…
    but can you advise on another way to restore this?
    is there any way (as a “sand-box”??) to make a compromise with what i have, so not to lose so much info?

    thank you, i really apreciate your advice,

    The error says that for some reason WordPress don’t have enough permission to read plugin directories. Make sure those directories have read and execute permissions for all, not just you.

    I’d remove all plugins and their directories and then replace them with fresh files.

    If you still can install new plugins, try some exploit scanners like WP Security Scan or WordPress Exploit Scanner.

    thanks UseShots for your suggestion.
    one question: i just changed all permissions inside WordPress for 755(directories) and 644(files). should plugins have a different chmod?
    best regards, mónica

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘site got hacked! now trying to restore it’ is closed to new replies.