My WP site was just hacked by KiLLerMiNd and KishanPatel ??? Now What

12 replies
Hi Warriors,

I've been working hard on a WP site and finally made it to page one in Google for my keyword. I checked the site this morning and it's just a blank page indicating the site has been hacked and some kind of shake down to provide security.

What is the best way to handle this??? Please Help
#hacked #killermind #kishanpatel #site
  • andrejvasso
    And again someone using WordPress is getting hacked... When will you people finally learn that using WordPress is a dumb idea if you don't know what you are doing and are installing all possible shady and poorly coded plugins? (No offense, just a general fact everyone should remember.)

    Anyways, there is not much you can do now. Your best bet is:

    Delete the whole site (you can never know where they have built in backdoors and where not, so you won't come around to actually delete it all). Of course you can do a database backup of all posts first to at least save your content.

    Next: You need to change all of your passwords (ALL! That means: email, FTP, cPanel, hosting, Facebook, MSN etc. ALL of them).

    But attention: do that from another computer and not yours. Why? Because we can't be sure if you weren't infected by a keylogger/trojan that was stealing your passwords. And if that is the case, changing passwords would not help at all, because the trojan would just submit the new passwords to the hacker.

    Once you have deleted the page and changed all passwords (from another computer), you will have to format your hard drive, because if it is a sophisticated trojan, you will never be able to get rid of it without a new, clean install of your OS.

    I know that's a lot of work and a mess, but there is no "easy" way, if you want to make sure that it doesn't happen again in a few days. I am sorry :/
    • JROC777
      Wow, this hurts. Thanks for your reply. I used a password generator when I created all new passwords. Would it still get passed along to the hacker if I was cutting and pasting them in?
      • andrejvasso
        Originally Posted by JROC777

        Wow, this hurts. Thanks for your reply. I used a password generator when I created all new passwords. Would it still get passed along to the hacker if I was cutting and pasting them in?
        It all depends on how sophisticated the trojan is (in case you were infected, but it's hard to tell if that has happened - that's why I personally would just assume you were and do the steps I suggested), but yes: it would most probably get passed to the hacker anyhow no matter what you do.

        Of course, you could, if you want, also just do the complete site deletion, change passwords etc. and then hope everything will be okay.

        If you get hacked again within a short period of time, you know for sure that you have a trojan in your system that is stealing passwords and you will have to format the HD to really get rid of it.

        If everything is fine after you change passwords, delete the site etc. and you are not getting hacked again within the next weeks, you can assume that the site was hacked using a vulnerability in your website (most probably in some plugins or an outdated WordPress version). An HD format would obviously not be necessary then.
        • JROC777
          I don't know how to format the HD, so I will have to run the scans, delete the sites and hope for the best.
          • andrejvasso
            Originally Posted by JROC777

            I don't know how to format the HD, so I will have to run the scans, delete the sites and hope for the best.
            It's very easy and you can find guides on how to do it everywhere, so no worries! All you will need is a Windows installation disk (or Linux or whatever you prefer).

            But yes, you are probably better off simply deleting the site, changing passwords etc. and hoping for the best.

            And of course you should use the newest WordPress version once you are recreating your site. And also try to avoid using the same plugins, unless the plugins are very well known and up-to-date.

            But in case you are getting hacked again, you will have to take a look at how to format an HD and install a new OS. I am afraid there is no way around that.

            But let's keep fingers crossed and hope the problem is solved once you have done the site deletion and password changes!
    • DEaFeYe
      Banned
      [DELETED]
      • JROC777
        OK, so my host company fixed the problem and my site's back up. They said there was nothing else I had to do. They indicated they had removed everything to do with the TimThumb plugin that caused the issue in the first place.

        My concern is would they have done what's been suggested to me in this thread or is my site now a time bomb waiting to be hacked again?

        Any opinions?
  • Robert Michael
    IF you decide to go this route:

    To format the HD to install a fresh copy of Windows, I use Erase hard drive by Active@ KillDisk. Low Level Format.

    It's free. You would just need to create a bootable CD from the ISO of Active Kill Disk, that way when you have the CD inserted and you turn on the computer, it will boot from that CD and not the OS.

    To turn the ISO into a bootable CD, use http://www.imgburn.com/index.php?act=download

    Then once you have wiped out the hard drive, just install Windows back on to it.

    Sorry man, I know it's a pain in the ass but it's better to be safe than sorry. Had to do this countless times in the past.

    Once you get Windows back on your PC, I recommend using Internet Security Software - Antivirus Free Firewall Download | Comodo

    Comodo won't do anything to protect your WP site, but it will take care of any vulnerabilities on your computer (virus/trojan/keylogger/whatever)

    They are free for life, literally THE BEST free antivirus you will ever find.

    This thing stopped a Virut from damaging my computer, while a paid antivirus did not.

    Good luck!
    • JROC777
      Thanks Who's That Guru,

      I am running the paid version of Avast Anti Virus and was using it when all this happened, would that have protected at least my computer? The scan I just completed came back with 4 files labeled as a decompression bomb. I understand these are just really big files that can be flagged by AV but how do I know they are actually safe?

      Sorry for the lack of knowledge here, first time being hacked
  • Robert Michael
    No idea about that "bomb" thing, lol, but I have used Avast before and it doesn't compare to COMODO.

    Trust me on this
    • JROC777
      Will do, thanks again. Turns out it was the TimThumb plugin that got me.

      Jimmy
  • andrejvasso
    Well, you could just trust them for now and hope for the best. If you get hacked again anytime soon:

    You know they did a bad job and you should consider following all steps we have told you. (+change hosting company)
  • cannons
    It might be because of the chmod 777; check if you have that in your WP blog. It is a very common hack and script kiddies are always looking for blogs having this vulnerability.
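
A report-only audit for the two causes raised in this thread, leftover TimThumb files and world-writable (chmod 777) permissions, as an added example that is not part of any poster's reply. The function names and the install path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit a WordPress tree for the two
# issues named above. The install path is an assumption; pass your own.

# Files and directories writable by any account on the server (the o+w bit,
# which is what "chmod 777" or "chmod 666" sets). Symlinks are skipped.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null | sort
}

# PHP files that mention TimThumb: the script itself, renamed copies, and
# templates that call it. Content match, because the file name can differ.
find_timthumb() {
    find "$1" -type f -name '*.php' -exec grep -il 'timthumb' {} + 2>/dev/null | sort
}

# Remove only the world-write bit; owner and group permissions are untouched.
strip_world_write() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Report only, unless "--fix" is given as the second argument.
audit_wp() {
    root=$1
    echo "== World-writable paths under $root =="
    find_world_writable "$root"
    echo "== PHP files mentioning TimThumb =="
    find_timthumb "$root"
    if [ "${2:-}" = "--fix" ]; then
        strip_world_write "$root"
        echo "== World-writable paths remaining =="
        find_world_writable "$root"
    fi
}

# Run as: sh audit_wp.sh /var/www/html [--fix]
if [ "$#" -ge 1 ]; then
    audit_wp "$@"
fi
```

A TimThumb match only shows where to look; whether a remaining copy is still needed or current has to be checked against the theme or plugin it ships with.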
