The Hack Repair Guy
Forum Replies Created
-
Forum: Everything else WordPress
In reply to: .htaccess HackedHi,
If you have done all the 3rd party checks, including unmaskparasites, then next you’ll need to review your Google Webmaster account.If you see any errors at Google Webmaster then verify they are fixed. And once verified then click the “Review” option and tell Google you are all clear.
Hi,
You could try a different approach with your host. I recommend asking them to assist you in recovering your website from a backup from prior to your website being hacked.Then once the backup is in place and your site is running you could promise them you’ll work to update your wordpress version, etc., to prevent it from being hacked as it has (due to outdated scripting).
Forum: Fixing WordPress
In reply to: Site hacked, any ideas?Hi,
Just double checking. Did you already clear this up?Forum: Fixing WordPress
In reply to: Site hacked via password changeSadly, if you are not able to ascertain how the hackers in logging in via your admin passwords, etc., and all appears fine scripting wise otherwise, then I recommend changing your web host.
At least that way you’ll have removed that from the checklist as a possible culprit as well.
Forum: Fixing WordPress
In reply to: Site hacked via password changeKeep in mind that if someone manages to guess at your admin password and is able to log in, then they have the ability to upload any file they choose (commonly called a “Back Door Script”). Once the back door script is installed hacker has total control of your website to upload or delete at their pleasure.
Suffice it say, if you are starting a new blog, the first thing you should do is set up a new user account, set the new user account to admin, then change the “admin” user to something other than administrator.
Forum: Fixing WordPress
In reply to: My site has been hacked and I can't remove itHi,
Your best course of action is first contact your host and get them to recover your website from backup. Once you have a clean copy in place then run (don’t walk) in making sure all your stuff is updated, all user/passwords changed, etc.Most hacked sites I work on are due to outdated plugins or theme. Try the “timthumb vulnerability scanner” once things are back in place. That may help identify any old timthumb scripts.
Then I recommend you make sure all is upgraded. Sadly, nowadays it’s rare for hackers to not leave a back door script in place (so hacker can hack your site again in future).
You’ll need to review every file on your website respectively to ensure none are out of place or were installed by hacker.
Forum: Fixing WordPress
In reply to: Website was hacked and the restore will not workIf your site is not functional you could try uploading the core files over what you have installed currently. If you know the version of WP you have installed on your site now, just jump over to the repository,
https://wordpress.org/download/
and upload the wp-admin and wp-includes and the php files in the same directory as wp-admin and wp-includes.That may possibly at least get you to a place where you can start clearing the hacker code and such.
Likewise, please be mindful that it’s rare for hackers to not leave back door scripts hiding in the shadows. So keep an eye out for oddly named files or files you’ve never seen before and closely review each.
Forum: Fixing WordPress
In reply to: WordPress Hacked?!!Hi,
While deleting plugins may help, that’s sort of like raking the lawn before the storm.That said, once hacker has compromised your site the steps above will help in clearing up the situation. Once you are done clearing up the site it’s time to work through your lesson’s learned:
– Keep your blog, plugins and theme updated (at least weekly)
– Delete all inactive plugins and themes
– Change all your passwords (dashboard, ftp)
– Move your site to a web host who provides daily malware scanning
– Look at external backup/monitoring services like codeguard and cloudsafe365Proactive security is key to your future success online.
Hi,
First you’ll want to replace the timthumb.php script with the latest version, found here:
https://timthumb.googlecode.com/svn/trunk/timthumb.phpThen I recommend you make sure all is upgraded. Sadly, nowadays it’s rare for hackers to not leave a back door script in place (so hacker can hack your site again in future).
You’ll need to review every file on your website to ensure none are out of place or installed by hacker.
Forum: Fixing WordPress
In reply to: Site HackedI recommend deleting all inactive themes and plugins.
Themes and plugins are easy enough to reinstall if needed in future. Leaving old themes or plugins installed may degrade the security of your website (so why take a chance…).
Forum: Fixing WordPress
In reply to: WP Sites hackedHi,
Once of the first things I check with my clients hacked like this are the FTP logs, to see if hacker simply managed to steal your user/pass and directly upload the files “legitimately.”Contact your web host and ask them to confirm whether anyone was uploading files on that day/time the files were modified.
Likewise, note the change date of the files hacker had modified then review those date/times in your access log. There is a chance you’ll find something suspicious in the access logs as well.
Forum: Fixing WordPress
In reply to: Site HackedHi,
It’s more likely that a hacker specifically hacked that file, so you would be less likely to find it.I’ve worked with hundreds of websites all around the world who have used that theme and my experience says that file is not a hacker file.
You can confirm this by downloading a virgin copy of the theme and compare yours with the original (and I believe you’ll see your post is in error).
Client is stuck and has no one to help him get back to the pre-hack situation. Which leaves the easiest course of action (recovering from backup to at least get back to square one).
Hi,
It’s crazy that people do this, though you have some recommendations.1. Contact your web host. If your web host maintains daily and weekly backups, hopefully they will be able to recover your website from prior to this event.
Once they do so, you’ll want to make sure all of your passwords are changed and likewise ensure all scripts on your site are updated.
2. Web host has no backups Ok, so your web host has no backups. If this is the case, you’ll need to log into your website via FTP and start looking around for newly dated files, then work to remove any hacker code you find in them.
3. Then what? Well, once you clean things up it’s time to start looking at future solutions. Proactive security is your friend.
_x_ Check your scripts for version updates at least once a month.
_x_ Only host with a web host who maintains “weekly” backups and who does not charge for backup recovery.
_x_ Install Bulletproof Security and File Monitor Plus so you’ll know when changes are made to your website (and it’s free).
_x_ Change your WordPress admin pass and FTP pass at least quarterly (mark your calendar so you won’t forget).So these are the basics. While you can do a lot more by only hosting with web hosts who make security their top priority (i.e., discuss security on their home page), the above may at least get you back in the game.
Otherwise, I hope all goes well with you.
Also, see:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://ottopress.com/2009/hacked-wordpress-backdoors
http://hackrepair.com/blog/hackrepair-com-security-tips-and-hack-notes
http://www.unmaskparasites.com/Forum: Fixing WordPress
In reply to: Hacked and Login Email ChangedHi,
Your web hosting company is your best free option.Ask them to revert your website to an older backup. Then once they do so you I recommend you update all your passwords throughout, etc.
Likewise, because your WordPress 3.2.1 is outdated you’ll want to be sure to update both WP and all plugins quick-quick.