WHAT the heck happend to my site?

29 replies
I went into wordpress to check stats and I clicked to go to the site and it says:

HACKED by Mr. L4iVe

Owned by Mr. L4iVe and then it gives an email contact.

HOW do I fix this? And how does this happen? If you want to see it live PM me and I'll send you the site address.

HELP
#happend #heck #site
  • Profile picture of the author Willie Murray
    Looks like you've been hacked, do you have a backup copy or contact your hosting company to see if they can do a restore?

    EDIT:

    Not sure how confident you are working with worpress itself? You may also want to consider hardening WP once you've completed a restore, I would suggest trying to fix what's been hacked wouldn't be wise, as you would have no idea what's been comprimised by the hacker.

    http://codex.wordpress.org/Hardening_WordPress
    {{ DiscussionBoard.errors[4156644].message }}
  • Profile picture of the author SoEasyMoney
    This is crazy.....wouldn't they have to have access to my wordpress admin to do this?
    {{ DiscussionBoard.errors[4156664].message }}
    • Profile picture of the author Kerry Finch
      No they don't. You have probably not kept up to date with Wordpress updates - do this in future because they are designed to combat these types of attacks.
      {{ DiscussionBoard.errors[4156673].message }}
    • Profile picture of the author idk007
      Originally Posted by SoEasyMoney View Post

      This is crazy.....wouldn't they have to have access to my wordpress admin to do this?
      no they wouldnt. there are many methods they can get in. including having access to a hacked server on wordpress. maybe your site wasnt the only one.
      Signature

      blah blah blah

      {{ DiscussionBoard.errors[4156681].message }}
      • Profile picture of the author Brian John
        sorry to hear about that.

        would be nice to find out who these cowards are...

        {{ DiscussionBoard.errors[4156749].message }}
  • Profile picture of the author Patrick
    Thats terrible. Would be interesting to know the name of the hosting company.
    {{ DiscussionBoard.errors[4156668].message }}
  • Profile picture of the author retsek
    Contact your host.

    If you are with hostgator, contact them via LiveChat. They have special sauce to fix this.

    If you have to do it yourself, then the easiest way out is to restore the site using a cpanel backup. Then immediately change all the passwords (including the ftp password). After that, you immediately update Wordpress and all the plugins. Go through your plugins list, and delete the junk that you do not need or no longer use.
    {{ DiscussionBoard.errors[4156703].message }}
  • Profile picture of the author SoEasyMoney
    It is hosted on hostgator and I contacted their tech support and they are getting right on it.

    Thanks Kerry...I will make sure I keep it updated!
    {{ DiscussionBoard.errors[4156704].message }}
  • Profile picture of the author Willie Murray
    Like others have mentioned there are a multitude of ways they can hack your site, main thing is to get a restore done and then secure your site, as someone else mentioned software update with WP but seriously look into hardening WP to.
    {{ DiscussionBoard.errors[4156711].message }}
    • Profile picture of the author SoEasyMoney
      Originally Posted by william1872 View Post

      Like others have mentioned there are a multitude of ways they can hack your site, main thing is to get a restore done and then secure your site, as someone else mentioned software update with WP but seriously look into hardening WP to.
      Forgive the ignorance, but how do you "harden WP"?
      {{ DiscussionBoard.errors[4156727].message }}
    • Profile picture of the author Mel White
      Originally Posted by william1872 View Post

      Like others have mentioned there are a multitude of ways they can hack your site, main thing is to get a restore done and then secure your site, as someone else mentioned software update with WP but seriously look into hardening WP to.
      Gotta agree that it's a WP exploit going on. So many folks don't change passwords or lock down some of the features on comments. If you have an older version, there are know exploits that make them very vulnerable (there was one version, two years ago, that was pathetically easy to crack. The site that was hosting my webcomics used WordPress and we got hacked multiple times before WP got the update to fix the exploit.)
      {{ DiscussionBoard.errors[4157105].message }}
  • Profile picture of the author Troy_Phillips
    A word press blog is bad but I have an article directory that has been hacked .. like a $400 script. Everything was fine until I started not accepting anything but original content.

    Am wondering if it is even worth trying to rescue it if it was that easy to hack lol.
    Signature

    {{ DiscussionBoard.errors[4156738].message }}
    • Profile picture of the author Willie Murray
      Originally Posted by Troy_Phillips View Post

      A word press blog is bad but I have an article directory that has been hacked .. like a $400 script. Everything was fine until I started not accepting anything but original content.

      Am wondering if it is even worth trying to rescue it if it was that easy to hack lol.
      Depends Troy, if you have a backup you can try a restore and then harden WP?
      {{ DiscussionBoard.errors[4156760].message }}
      • Profile picture of the author Troy_Phillips
        Originally Posted by william1872 View Post

        Depends Troy, if you have a backup you can try a restore and then harden WP?
        It is not wordpress ... custom script .. while I try not to put links in post .. this is kind of different


        Signature

        {{ DiscussionBoard.errors[4156780].message }}
        • Profile picture of the author Patrick
          Originally Posted by Troy_Phillips View Post

          It is not wordpress ... custom script .. while I try not to put links in post .. this is kind of different

          [.. HaCkED By ZIED BLANCO ..]

          Doesnt matter if it is Wordpress or any custom script. If you have the backup, you can just restore the files in the FTP and also restore the database and you are back to business !
          {{ DiscussionBoard.errors[4156796].message }}
        • Profile picture of the author Jill Carpenter
          Originally Posted by Troy_Phillips View Post

          It is not wordpress ... custom script .. while I try not to put links in post .. this is kind of different

          [.. HaCkED By ZIED BLANCO ..]
          Wow, like a wall of graffiti.
          Signature

          "May I have ten thousand marbles, please?"

          {{ DiscussionBoard.errors[4156810].message }}
        • Profile picture of the author Willie Murray
          Originally Posted by Troy_Phillips View Post

          It is not wordpress ... custom script .. while I try not to put links in post .. this is kind of different
          Restore from backup would do the trick, but then you'd need to get a developer to tighten down the code, I would remove the link to as you never know what they've installed on the site that could be downloaded on to computers?
          {{ DiscussionBoard.errors[4156866].message }}
  • Profile picture of the author anatoly14
    Banned
    [DELETED]
    {{ DiscussionBoard.errors[4156830].message }}
  • Profile picture of the author Troy_Phillips
    I took the link out but .. several have it in their post now. I have spent the better part of the day working on a new product but will see about the restore later tonight.

    Will have my script lady check and see if she can find any holes that could be tightened up.
    Signature

    {{ DiscussionBoard.errors[4156919].message }}
    • Profile picture of the author Paul Barrs
      Originally Posted by SoEasyMoney View Post

      This is crazy.....wouldn't they have to have access to my wordpress admin to do this?
      Sorry Buddy, but take a number and get in line -

      I recently installed a plugin called "Limit Login Attempts" which tracks the number of failed logins on my admin panel 9and blocks users etc)

      Was amzed to see *at least* 3 or 4 attempts to get in each week; sometimes more.

      Limit Login Attempts | devel.kostdoktorn.se

      I also use Wordpress File Monitor which send me an email when files on my system have been changed -

      WordPress File Monitor | Matt Walters

      Couple of quick tips...

      Paul Barrs
      Signature
      **********
      It's Simple... I don't "sell" IM anymore, but still do lots of YouTube Videos
      **********
      {{ DiscussionBoard.errors[4156981].message }}
  • Profile picture of the author Ken Durham
    Check your ftp log, error logs and access logs. You should be able to find out how access was gained. One of the biggest problems is people leaving directories with public write access. That and programmers not filtering for sql injections.

    If you use FTP they may have gotten your log in credentials. Be sure to change all passwords. If they got in through ftp, your system may be infected. Be sure to scan your system before anything else.
    Signature

    yes, I am....

    {{ DiscussionBoard.errors[4156955].message }}
  • Profile picture of the author Owen Smith
    I had a similar problem with wordpress. I found that there was malicious script within one of the plugins I installed which allowed the hacker instant access to amend my index page and random generate my admin password and username to a new set.

    I would google all plugins you have prior to this happening to see if any others have reported hacking.

    Contact your host who will surely restore your website.

    If it is hostgator make sure you contact them before saturday as they wipe over the backups on sunday.

    -Owen
    Signature

    All the Hottest eBooks, Graphics, Software, Videos, Articles, and Templates you want with PLR and MRR. Join PLR Assassin Today!

    {{ DiscussionBoard.errors[4157072].message }}
  • Profile picture of the author SoEasyMoney
    Update: MANY (at least 4 that I know of so far) of my sites have been hacked. I'm working with hostgator right now to figure it out. WOW......never knew this was even possible
    {{ DiscussionBoard.errors[4157557].message }}
  • Profile picture of the author Leveragist
    I had the same thing happen to one of my sites not too long ago. My IT guy fixed it by uploading the last backup that didn't have the malicious code. The bad news was the last "clean" backup was over 2 months prior. The good news was that I hadn't posted much new stuff, so it wasn't that difficult to put everything back again. It was still a pain in the a%#, though.

    Now, I do constant backups and make sure all my WP plugins are up-to-date. I also delete plugins that I don't really need and plugins whose developers stopped updating them. These old/non-updated plugins are ripe for exploits.
    {{ DiscussionBoard.errors[4157570].message }}

Trending Topics