The Hack Repair Guy
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: Hacked = Entire Site Italic… HELP!Hi,
Since it’s apparent your site was compromised, given odd users were added without your permission, I recommend you try the following steps:1. Change all administrator accounts to “editor” and leave only your account in place.
2. Change your admin password.
3. Change your FTP password. Pic: http://goo.gl/v5MFJF
4. Change your Godaddy password.
5. In WordPress, Click Dashboard -> Updates -> Reinstall Now buttonThen report back here as to whether that helps your situation.
Forum: Fixing WordPress
In reply to: Site Hacked -Scripts CompromisedHi Ifx,
Sadly, you really don’t have many options, other than to recover the site from a good backup, and then fully lock it down against future hackers.The damage has already been done, so there is nothing an outside person can do for you, without login access and a few hours of time to fix.
I recommend you first start by asking your host how far back their backups for your site go. Then backup to the oldest one you are comfortable in doing. That may just get you back up and running nicely again.
Then likewise, work to change all of your passwords, hosting company pass, FTP, email accounts and WordPress admin passwords.
Of course, make sure to update everything immediately following the recovery process.
Forum: Fixing WordPress
In reply to: WordPress Site Playing Music, Breaking Glass SoundsI’ve completed a full malware scan of the public facing pages of your website and you are looking pretty good actually. No indications of malware and I see you’ve been maintaining your version updates nicely as well (kudos!).
That said, I second that it would appear you have some odd advertisers promoting on your site, and apparently that one that pops up periodically has music or sound.
The only real oddity I found was this odd sitemeter link you have on your website, http://sm5.sitemeter.com/js/counter.asp?site=sm5kristainlondon
I recommend you remove that, as sitemeter.com is sometimes marked as suspicious by some malware / reputation services.
Forum: Fixing WordPress
In reply to: URL Hijacked?Hi,
If this a Roboform issue, I recommend you post in the Roboform forum on contact them direct.Otherwise, if it were me I would remove the roboform login entirely then check to see what happens. Have you tried that?
Forum: Fixing WordPress
In reply to: Is this a new kind of hack?If your name and articles were actually edited by someone else without your permission, it would seem you were most definitely hacked.
I would start by changing your website’s FTP passwords, then change your email accounts passwords (those associated with your blog).
Then reduce the number of admins within your dashboard to just you, and set anyone else as “Editor.”
Change your admin password once again.
Then last but not least– and I personally hate these things, but in cases like yours I would next look around for a 2-step verification / authentication plugin, and use that for a month or so until things calm down.
Forum: Fixing WordPress
In reply to: Has my WordPress site been hacked?Hi,
Well, I was say that if you are seeing pharmacy words and you didn’t add them then most certainly your site is compromised.Is very unlikely your database was hacked and more likely some file within your website was “edited” and/or added.
Recommend you start by changing your WordPress admin’s and FTP passwords. That never hurts.
As for the listings in Google, those will only disappear over time once you remove the hacker code in your website files.
Log into your Webmasters tools as well and use the Crawl -> “Fetch as Google” option to fetch your website. Then click the fetched “Comlete” link to see if that pharm text is still appearing.
So, back to the first point. Do you have a web designer who can assist you in reviewing what files might have been changed on your website recently?
Forum: Fixing WordPress
In reply to: Site Hacked – Now pages show incorrect contentOk, looks like you have a couple things going on here.
1.
Clear your browser cache to start. I have a suspicious are you seeing some old cached stuff, instead of your after hack fix results.2.
Let’s fix your permalinks, so your page titles can be better indexed.
I use this on my personal site:
/%category%/%postname%Then pop back here if you’d like another review.
Forum: Fixing WordPress
In reply to: Somebody posting spam from our siteThis falls more into the server admin side of things than a WordPress issue.
It is likely a hacker has added a mail script to your website. So, first, I would start by asking your web host if they can help review your account for any odd “non-WordPress” scripts. These types of scripts are usually pretty obvious in my experience (think snake and bit you).
Changing your email password(s) via your web host control panel, and changing your FTP passwords may help as well.
Be sure to check whether you have any extra FTP accounts setup.
Never surprises me how many folks hire a dev person “years back,” gave the fella an FTP account, then forgot to delete the account. Oopsy! So check for that as well.Forum: Fixing WordPress
In reply to: how to recover archives after being hackedSadly, if your web host does not keep a backup of your database, and you have not been maintaining a daily and weekly backup using backup plugins, the data is likely lost forever.
There are a log of great free plugins you can use for the future. Try Backupwpup or UpdraftPlus to ensure this does not happen again.
Forum: Fixing WordPress
In reply to: my wp-admin lands on another siteYour description very clearly shows you had been hacked.
If you just noticed this and believe it was fine a few days ago, I recommend you ask your host to recover your site from backup to start.
Then once that’s done, do a double check on your versions and be sure all is running the latest. Probably a good idea to change your WordPress admin password as well as your email account password you use for admin. Better safe than sorry…
Forum: Fixing WordPress
In reply to: WordPress Hacked, residule malicious code?Yes, that is most definitely malicious code.
If I were reviewing I would download the site to my computer and do some file searches for that domain in the link you show above, among other searches.
Try that download and search just be to sure you got everything. Better safe…
Forum: Plugins
In reply to: [Fancier Author Box by ThematoSoup] Latest Pages instead of Posts?2nd request for this option.
Hi,
Sorry for the late reply on this one. You’ve since figured this one out?I concur. That fixed it quite nicely. You ‘da man!
Ok, I found the Linkedin bot name:
“LinkedInBotThis line within the ban list prevents LinkedIn from properly grabbing a preview:
RewriteCond %{HTTP_USER_AGENT} ^Link [NC,OR]I will work to have the removed in future updates.