Site has been hacked (5 posts)

  1. vjarvelainen
    Posted 3 years ago #

    Just found out that my site http://villejarvelainen.com has been hacked. They changed my password, but I was able to get a new one, apparently they didn't touch the email.

    The problem is that I don't know where's the problem. Admin panel seems to be working okay, but I can't visit the blog itself. I've been trying to search the web for similar cases, but I can't find anything useful. Or maybe I don't know where to look.

    What should I do? I have a backup of my blog folder I took from my FTP couple of weeks ago. I wonder if I can just throw that in on top of the current, obviously hacked folder and overwrite it. Would it break the whole thing?

  2. vjarvelainen
    Posted 3 years ago #

    I found this from the Main Index Template (index.php):

    [Code moderated. Please do not post hack code blocks in the forums. Please use the pastebin]

  3. chrissmit
    Posted 3 years ago #

    Nice hack! (actually not)

    Good thing you have a backup. Not many don't.

    If you've got a backup you shouldn't worry.

    Just restoring and uploading the files and overwriting current files is not safe enough.

    Couple of steps I would take:
    Clean your Internet browser cache first.
    Scan your current backup with your (updated) virus scanner on your computer (you don't want to upload the virus yourself)
    Change your admin password (make it strong!)
    Change any FTP passwords and make them strong too.
    Back up your site (and database) again. Make SURE you don't overwrite your GOOD backup! You can use this for further reference.
    Fully delete your WP install (you've got a backup right?)
    Check the root dir of your host for files that should not be there or were not there.
    Once that's done, you can upload your backup files.
    Once that's done, your site should be working again.

    You're not done yet...
    Now you need to change your "Secret Keys" in your wp-config.php file. For this you go here: https://api.wordpress.org/secret-key/1.1/salt/ (this will invalidate any cookies on malginant computers who would still be able to log in).
    Copy paste those in the wp-config.php file.
    Now change the password of your WP MySQL database. Of course both of the database and then in your wp-config.php file.
    Site still up and running?
    If so you should change your admin password again (WP backend).

    Follow these steps one by one in this order and you should be OK.
    Did I miss anything?

    Good luck (just had the same problem)

  4. esmi
    Forum Moderator
    Posted 3 years ago #

  5. vjarvelainen
    Posted 3 years ago #

    Thanks for the advice, chrissmit and esmi.

    However, I found out that I wasn't running the latest version of my theme. I updated my theme and suddenly everything was up and running like it should. I'm quite sceptic, whether I should leave it as it is, but since I don't have that much content on my site, it could be an option (I have backed up my site). I changed my admin password and I'm about to change my FTP's passwords too. We'll see.

Topic Closed

This topic has been closed to new replies.

About this Topic