The Hack Repair Guy
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: Has my site been hacked?If you have managed to get everything updated and working probably don’t need to overwrite the files.
Though you’ll want to keep an eye on your site for a good while. Cloudsafe365 plugin may be worthwhile to check out.
Forum: Fixing WordPress
In reply to: Hacked and all my sites now have impossible cialis and viagra pagesIt’s very likely that you missed the back door hacker scripts. So while you did your best to clear up the “symptoms” of the hack, the actual “bug” was/is possibly still hiding in the background, saved to look like a generic wordpress file.
Forum: Fixing WordPress
In reply to: Has my site been hacked?Hi,
Don’t lose hope just yet.
When I go to your site, I see an error with a file in your includes directory. Often this just means some files were mangled.So this is what you do first.
– I see you are running an ancient version of WordPress, version WordPress 2.9.2, which explains how/why you may have been hacked.
You’ll want to confirm this is your version by logging into your dashboard (if you can).
– Go to Wordpres.org and download the same version here to your computer:
https://wordpress.org/download/
– Next, extract the file and note the two directories:
wp-admin
wp-includes
– Now, open your FTP software and upload just these two directories over your existing wp-admin and wp-includes directories.If all goes well, at least you’ll have overwritten any broken files, and can log into your dashboard so you you can work through updating all of your plugins and WP.
Forum: Fixing WordPress
In reply to: Hacked and all my sites now have impossible cialis and viagra pagesHi,
Sadly I see this fairly often. What may have happened is that your website was actually hacked months ago, and hacker left behind some sneaky back door scripts. While you dutifully updated and did all the right things, you may have missed the actual hacker files which are often disguised to look legitimate.So you have a few potential issues here:
1. Possible back door scripts you’ll need to locate.
2. It’s possible your database was compromised, which means you’ll need to have someone dig into it through phpMyAdmain and root those out.
3. Double check your plugins as well. Delete all inactive plugins and inactive themes.This is really nice summary as well you may find helpful:
http://www.studiopress.com/tips/wordpress-site-security.htmForum: Hacks
In reply to: Sited HackedHi,
It’s crazy that people do this, though you have some recommendations.1. Contact your web host.
If your web host maintains daily and weekly backups, hopefully they will be able to recover your website from prior to this event.Once they do so, you’ll want to make sure all of your passwords are changed and likewise ensure all scripts on your site are updated.
2. Web host has no backups
Ok, so your web host has no backups. If this is the case, you’ll need to log into your website via FTP and start looking around for newly dated files, then work to remove any hacker code you find in them.3. Then what?
Well, once you clean things up it’s time to start looking at future solutions. Proactive security is your friend._x_ Check your scripts for version updates at least once a month.
_x_ Only host with a web host who maintains “weekly” backups and who does not charge for backup recovery.
_x_ Install Bulletproof Security and File Monitor Plus so you’ll know when changes are made to your website (and it’s free).
_x_ Change your WordPress admin pass and FTP pass at least quarterly (mark your calendar so you won’t forget).So these are the basics. While you can do a lot more by only hosting with web hosts who make security their top priority (i.e., discuss security on their home page), the above may at least get you back in the game.
Otherwise, I hope all goes well with you.
Also, see:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/
http://hackrepair.com/blog/hackrepair-com-security-tips-and-hack-notes
http://www.unmaskparasites.com/Forum: Fixing WordPress
In reply to: Latest stable release of WordPress (3.3.1) can be easily hacked?Amen brotha!
Forum: Fixing WordPress
In reply to: Latest stable release of WordPress (3.3.1) can be easily hacked?+1 link Jan, and must more relevant to the matter at hand. I’m a big fan of the Studiopress folks as well. Good peeps over there; a lot more security minded than many of the other theme vendors I’ve had to tangle with this year.
Forum: Fixing WordPress
In reply to: Latest stable release of WordPress (3.3.1) can be easily hacked?Hi folks,
I’ve not yet seen this behavior regarding WordPress 3.3.1
Installed and fixed many hundred WordPress sites this year. And when I stepped into the crime scene it became fairly obvious how the site(s) were hacked (passwords, running 3.04, etc.).I’ve yet to see a new installation with standard plugins and proper password(s) hacked.
So not really sure where the basis of this article comes from, other than possible fear mongering or frustration on the writers part.
As for Securi article linked above, not really worth reading. I’ll sum it up in one phrase: “if you leave your spare key on the concrete under the fake rock near your front door do you really think you are fooling anyone…”
That said, and respectfully speaking, just because I haven’t seen it does not mean it does not happen. Just saying…
Forum: Fixing WordPress
In reply to: My site has been hacked & I can't even access my admin. HELP!Yes, you are all good now.
Hacker had installed some back door scripts, after it appears they hacked your site through an old installation of the 1 Flash Gallery plugin. All your plugins and blog versions are now updated as well.And for good measure I installed the BulletProof Security plugin for you, installed a couple other security measures, and fixed a few web design related errors on your site. Looking much better now. 🙂
Google should have your site reputation cleared within 12 hours or so. Enjoy!
Forum: Fixing WordPress
In reply to: Site Hacked, First TimeOk, one trick here is to log into your File Manager or FTP software and sort the date column, so you can see the last modified date.
That should tell you the last time the files were modified and give you a last date/time when the hacker did their worst.
Forum: Fixing WordPress
In reply to: Site Hacked, First TimeHi,
Good to hear you at least found a symptom of the hack. That’s a good first step.1. Next, I recommend you contact your web host.
If your web host maintains daily and weekly backups, hopefully they will be able to recover your website from prior to this event.Once they do so, you’ll want to make sure all of your passwords are changed and likewise ensure all scripts on your site are updated.
2. Web host has no back-ups
Ok, so your web host has no backups (which is pretty much criminal in the hosting biz). If this is the case, you’ll need to log into your website via FTP and start looking around for newly dated files, then work to remove any hacker code you find in them.3. After action?
Well, once you clean things up it’s time to start looking at future solutions. Proactive security is your friend._x_ Check your scripts for version updates at least once a month.
_x_ Only host with a web host who maintains “weekly” backups and who does not charge for backup recovery.
_x_ Install Bulletproof Security and File Monitor Plus so you’ll know when changes are made to your website (and it’s free).
_x_ Change your WordPress admin pass and FTP pass at least quarterly (mark your calendar).So these are the basics. You can do a lot more by only hosting with web hosts who make security their top priority (i.e., discuss security on their home page, etc.).
Otherwise, I hope all goes well with you.
Also, see the usual malware clearing how-to links:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/
http://www.unmaskparasites.com/Forum: Fixing WordPress
In reply to: Website hackedHi,
Very sorry to hear this. It’s crazy that people do this, though you have some remedies.1. Contact your web host.
If your web host maintains daily and weekly backups, hopefully they will be able to recover your website from prior to this event.Once they do so, you’ll want to run not walk to ensure all of your passwords are changed, and ensure all scripts on your site are updated.
2. Web host has no backups?
Ok, so your web host has no backups (which is pretty much criminal in the hosting biz). If this is the case, you’ll need to log into your website via FTP and start looking around for newly dated files, then work to remove any hacker code you find in them.3. After action?
Well, once you clean things up it’s time to start looking at future solutions. Proactive security is your friend._x_ Check your scripts for version updates at least once a month.
_x_ Only host with a web host who maintains “weekly” backups and who does not charge for backup recovery.
_x_ Install Bulletproof Security and File Monitor Plus so you’ll know when changes are made to your website (and it’s free).
_x_ Change your WordPress admin pass and FTP pass at least quarterly (mark your calendar).So these are the basics. You can do a lot more by only hosting with web hosts who make security their top priority (i.e., discuss security on their home page).
Otherwise, I hope all goes well with you.
Forum: Fixing WordPress
In reply to: My bog has been hackedHi,
It sounds like you have a bigger problem than simple malware.
Your web host should be your first step. Call them and ask them if they maintain backups and if so whether they have a backup from prior to the date you learned your website was compromised.Your host are likely the only folks who can help you with your email issues respectively.
Forum: Fixing WordPress
In reply to: Site Hacked – Java Applet Installed SomewhereHi,
I’ve done a quick malware scan of your website and I see no obvious malware. Are you sure you are running the latest version of WordPress?In my scan it shows some older version of WordPress installed. Recommend you go to Updates then re-install to start.
Then I recommend you create a new Admin account then set all others to a lower setting.
Once done, updating your secret keys won’t hurt as well.
https://api.wordpress.org/secret-key/1.1/salt/
Google this to learn more: WordPress.org secret-key serviceForum: Hacks
In reply to: wp-includes folder hacked?Hi,
As far as I can tell your site seems free of malware:Try this free malware checking service to verify:
http://www.UnmaskParasites.com/security-report/?page=laurenbphoto.com/blog/Because bots or people are trying to connect to links on your website, that does not mean your site is hacked.
I’m not seeing any redirects or odd content here.