What to do when your hacked... how to fix it... here is a quick checklist
So this post is getting written because, despite my best efforts for a secure system, I had a handful of sites hacked this morning.
All Wordpress.
IF you wake up and you see something different on your site, claiming to be from:
E404 -- Most common with new timthumb hack
these are larger groups that will steal more then your site:
Masters of Deception
Legion of Doom
Chaos Computer Club
milW0rm
Red hacker alliance
Anonymous
Lulzsec
DON'T FREAK OUT.
In most cases, only a handful of things have been changed.
Most of them are not getting to your theme files, but to the core files of the Wordpress framework, they either will inset a index.html file that overrides the index.php file of Wordpress thus displaying their page.
A simple deletion of this file... and your all good.
Sometimes they get more indepth and will actually switch out your index.php file, in this case, download the latest version of WP and upload the new index.php file to your site.
-------
Where things get tricky...
Sometimes, they may touch your .htaccess file and completely override and change the way your domain acts, thus not even pointing to Wordpress.
Again, just download the latest version of the WP htacess file which should read something like this:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
And your all good.
++++++++++++++++++++++++++++++++++++
Be sure to contact your host, to let him know that your site was hacked, tell them which group, and what they did.
Most of the time they can't do much, but... the more they know, the more protection they can give.
William Butler Yeats
FREE eBook: 101 Powerful Affirmations (worth $47)
Get Free PDF (Direct download, no opt-in required)-->> Read It Now