WordPress.org

Forums

website hacked by ghost-dz (13 posts)

  1. chinochaos
    Member
    Posted 3 years ago #

    Hi,

    My website has been hacked and now whenever I try to enter my dashboard, the only message which appears says:

    $ Hacked by ghost-dz
    $ Osm Dz Attack

    When my website is visited, a message appears saying that the website contains dangerous things, and advises against visiting it. Firefox then stopped working on the computer I had viewed my website from, although I am not certain that this is related to the hack, although possibly it is. Therefore I would advise against visiting my website (www.footballargentina.com) but I include it in case it helps with any diagnosis.

    I also received an email from malwareblacklist.com, who told me the site had been hacked. They have a partner, sparktrust.com, who offer a free security scan of websites, to detect the location of any malware, but I cannot carry it out, as I cannot enter my dashboard, nor can I enter FileZilla, as the password no longer works.

    Does anybody have any experience of this hacker and know how to deal with it? I have also written to my domain host, but am waiting to hear back from them.

    Thanks for any help!

    Nick

  2. Samuel B
    moderator
    Posted 3 years ago #

  3. kritiks
    Member
    Posted 3 years ago #

    I had the same problem a few hours ago:
    the message "$ Hacked by ghost-dz $ Osm Dz Attack"
    instead of the dashboard and on the main page.
    WordPress 3.3
    One file (perms 644) in the wp-content/themes/mytheme folder was rewritten somehow by the "hacker".

  4. chinochaos
    Member
    Posted 3 years ago #

    Hi kritiks,
    Were you able to access your dashboard? How did you find out that file was rewritten? I'm at a bit of a loss, because all the articles above seem to require me to have access to either my dashboard or FTP client, neither of which I can now access...
    Is your website now working again?

  5. kritiks
    Member
    Posted 3 years ago #

    FTP/SSH access works for me, so I searched all changed files for the last day and found one changed (not by me) file.
    Now my website is working, but it is not clear how it was hacked.

  6. chinochaos
    Member
    Posted 3 years ago #

    OK, thanks for the info, kritiks. I have written to my web host to try and get my FTP password reset, because otherwise I can't do anything. But I would still appreciate any advice from a WordPress moderator if there is something further I can do...

  7. roowilliams
    Member
    Posted 3 years ago #

    I think these so-called hackers just look for files on web servers that are publicly writeable. I just fixed a site with the same problem - I had left a template file with permissions 755 and they'd written to it. Reuploaded the file from a backup I had and changed them to 644, all sorted now.
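
The checks posters describe in this thread (files changed in the last day, file modes, and the defacement string), as an added example that is not part of any poster's message. It assumes shell access to the site's files; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only triage of a WordPress tree after a defacement.
# The tree built by make_sample_tree is constructed sample data.

# Files modified within the last N days (default 1).
recently_modified() {
    find "$1" -type f -mtime "-${2:-1}" | sort
}

# Files whose mode is not 644, the mode mentioned in the posts above.
not_644() {
    find "$1" -type f ! -perm 644 | sort
}

# Files that contain the defacement string quoted in the thread.
defaced_files() {
    grep -rlF 'Hacked by ghost-dz' "$1" | sort
}

# Constructed sample tree: one old clean file, one freshly rewritten 755 file.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-content/themes/mytheme"
    echo '<?php get_header();' > "$t/wp-content/themes/mytheme/index.php"
    echo '<p>Hacked by ghost-dz</p>' > "$t/wp-content/themes/mytheme/header.php"
    chmod 644 "$t/wp-content/themes/mytheme/index.php"
    chmod 755 "$t/wp-content/themes/mytheme/header.php"
    # Backdate the untouched file so only header.php counts as recent.
    touch -t 202001010000 "$t/wp-content/themes/mytheme/index.php"
    echo "$t"
}

# Print all three reports for one tree.
triage() {
    echo "== modified in the last ${2:-1} day(s) =="
    recently_modified "$1" "${2:-1}"
    echo "== mode other than 644 =="
    not_644 "$1"
    echo "== contains defacement string =="
    defaced_files "$1"
}

# Usage: sh triage.sh /path/to/wordpress [days]
if [ -n "${1:-}" ]; then triage "$1" "${2:-1}"; fi
```

A file that shows up in more than one report is the first one to compare against a known-good copy of the theme or of WordPress core.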

  8. The Hack Repair Guy
    Member
    Posted 3 years ago #

    Virtually all of the sites I repair for hacking are hacked due to the FTP user/password being stolen in some way. Occasionally a plugin will be the culprit.

    I recommend my clients review this when installing new plugins:
    Security Advisory

    As well as install the Bulletproof Security plugin I discuss here.

  9. silverlight001
    Member
    Posted 3 years ago #

    I also had this and renamed my current theme - reverted to the default - logged in to wp-admin.

    I then uploaded the FTP theme files and it looks OK.

    I have quite a few sites, and many hosts' cPanels are running on out-of-date software and are fairly easily hacked from the web host's "log a support ticket" page. Once you are into the host's console you can then access cPanel from within this.

    BTW - my site was using the Genesis theme

  10. The Hack Repair Guy
    Member
    Posted 3 years ago #

    It's possible you may have been hit by that old Timthumb compromise. Add and run the "Timthumb vulnerability scanner" plugin.

  11. gojcus
    Member
    Posted 2 years ago #

    Today I found that I've been hacked by this guy. First I couldn't log in to WordPress, but next I asked for a new pass. When I came into the dashboard everything was OK, but when I went to xtml easy validator the site popped up with the hack message. Bulletproof was already installed on my system. This is what I get from:
    Security warning in the URL: http://smartsciencesolutions.si/404testpage4525d2fdc
    *Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01 <p align="center"><font size="10" color="#FFFFFF">Hacked by ghost-dz</font></p>

    Security warning in the URL: http://smartsciencesolutions.si/404javascript.js
    *Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01 <p align="center"><font size="10" color="#FFFFFF">Hacked by ghost-dz</font></p>

    What now? What should I do?

  12. adpawl
    Member
    Posted 2 years ago #

  13. Greenweb
    Member
    Posted 2 years ago #

    I believe that this "HACKER" ghost-dz is just brute forcing passwords. I use the Limit Login Attempts plugin. No one solution is bulletproof, but vigilance and common sense go a long way.

Topic Closed

This topic has been closed to new replies.