I recently took over a new website to do some SEO for them.
The version of wordpress that they were using was 3.4.2 - I hadn't gotten around to doing anything on the site yet and got up this morning and noticed that the website has been hacked. this is what it says:
[+] Gaim404 [+]
[+] ./xCAD [+]
[+] MR XGhoLund [+]
[+] ./KIKI404 [+]
[+] Nabilah Dot ID [+]
[+] Special Thanks [+]
[+] Allah [+]
[+] Atjeh Cyber Army [+]
I have downloaded the files and can see that some of the theme files have malicious code injected into them and has over written the theme template files: index.php and 404.php
I have contacted their host "fasthosts" and they have no backup, I have contacted the original theme developer and he claims not to have any backups of his design - I was going to load a fresh wordpress install and then copy a fresh theme install and rebuild the pages but that is a dead end.
When I delete the code from index.php and 404.php - wordpress tells em that the theme is incomplete.
I have looked at the SQL database and it appears to be ok.
What can we do now besides a complete site redesign? I have read through all the tutorials but I cannot clean the theme files because the original code in the theme files have been replaced??