20 {{ upvoteCount | shortNum }}
20 {{ upvoteCount | shortNum }}

Site was hacked??? Need some help

by zozja
17 replies
Hey Warriors,

My website was hacked or something.... it's a wordpress blog site and I went to log in at website (dot) com/wp-admin and there was this weird error page that said I needed to upgrade. I went to my ftp and saw a couple strange files called UNPROTECTED.htaccess and something else. I deleted them and was able to log on to the WP control panel. Now, the homepage is showing up fine, but the other pages don't show up. I can't figure out what is going on. The links match the links in my WP control panel. Here is the website: hcggrantspass (dot) com

Any help would be most appreciated!!!

Rebecca
#hacked #site
  • Profile picture of the author adsense786
    did you contact server provider?
    {{ DiscussionBoard.errors[4657988].message }}
    • Profile picture of the author MattVit
      Originally Posted by kaleelkr View Post

      did you contact server provider?
      Why does he need to bother the server provider for a problem with his software?

      That's like asking a gas/petrol station attendant to help you with your car problems. They keep your car / website going, but it's your responsibility to maintain the car / website - not the server provider.
      Signature

      {{ DiscussionBoard.errors[4722593].message }}
  • Profile picture of the author zozja
    no..... i didn't... do you think it's a web server problem??
    {{ DiscussionBoard.errors[4657993].message }}
  • Profile picture of the author Istvan Horvath
    Without ftp access and WP login nobody can tell what the problem is. If they say they can guess... they are lying.

    I'd ask my host to take a look at the WP files and the database.

    Before that:
    - deactivate all plugins
    - switch back to the default theme
    - check if you can see your posts
    (if yes, there is a problem with your theme, its files)
    (if not, you are in trouble - might be a database problem)

    GENERAL LESSON: When your site is hacked or you suspect it was - contact your host, don't chat in forums!!!
    Signature

    {{ DiscussionBoard.errors[4657996].message }}
    • Profile picture of the author AnniePot
      Originally Posted by Istvan Horvath View Post

      GENERAL LESSON: When your site is hacked or you suspect it was - contact your host, don't chat in forums!!!
      I've only ever been hacked once and that was through a regular html site I'd had online for about two years, not a WP blog. When I checked on it, the home page had been changed completely to direct my visitors to a porn site...yuk

      At the time, the first thing I did was contact the hosting company, (one of the well known ones). They replied in just a few words that there was nothing they could do, security of my site was my responsibility.

      I already had a long-standing account with Hostgator and within a few days I switched everthing across from the other company and closed my account with them.
      {{ DiscussionBoard.errors[4668291].message }}
  • Profile picture of the author zozja
    I just deactivated my plugin, so it was something going on with them!!! THANKS ISTVAN!!!! Now, why would I go to my host first when you answered my problem so quickly
    {{ DiscussionBoard.errors[4658011].message }}
    • Profile picture of the author dave_hermansen
      Yeah, I'd get the hosting company to move me to a backup & in the meantime you should change your main cpanel password. If you're lucky enough to be with a good web hosting company like HostGator, they'll likely do it right away and for little or no charge!
      Signature
      BizSellers.com - The #1 place to buy & sell websites!
      We help sellers get the MAXIMUM amount for their websites and all buyers know that these sites are 100% vetted.
      {{ DiscussionBoard.errors[4658022].message }}
    • Profile picture of the author Istvan Horvath
      Originally Posted by zozja View Post

      Now, why would I go to my host first when you answered my problem so quickly
      Because as you stated in your OP you have found strange files in your account... which is quite a sure sign of the account being compromised!
      That's why :rolleyes:
      Signature

      {{ DiscussionBoard.errors[4658029].message }}
  • Profile picture of the author spearce000
    I had a similar problem a while back. As others have suggested, you should get in touch with your hosting provider. If you're on a shared hosting account, it could be that the hacker is getting in via another account on the same server.

    You should also see if your provder can restore a backed up version of your site from before the hack, as there may be hidden files on your webspace now that can proide a way in for hackers.

    Finally, check for any files or scripts that have their permissions set to 777 as this is a back door for hackers. If you find any, change them to 755.

    If this happens again, change to another hosting company. That's what I had to do in the end, as my previous hosting company's securty left a lot to be desired!
    {{ DiscussionBoard.errors[4660469].message }}
  • Profile picture of the author mywebwork
    Whenever I see a post like this my first inclination is to ask if you have a current backup? In many cases the simplest method of getting everything back together is to do a restore from a current backup.

    While I am happy to hear that you have it resolved I still have the question - do you have a backup scheme and a current backup?


    Bill
    {{ DiscussionBoard.errors[4662063].message }}
  • Profile picture of the author kt1000
    just restore all files from backup
    {{ DiscussionBoard.errors[4667894].message }}
  • Profile picture of the author malco714
    my site was on page one now is way back and goes to site called stuff gate a web site page anilizer give how much the stie is worth ip adress ,a bunch of other info.
    {{ DiscussionBoard.errors[4720093].message }}
  • Profile picture of the author Tim Franklin
    Just curious if you used an auto script installer to install wordpress? over the last month I have seen a number of wordpress exploits that take advantage of the auto installer process, (I have seen a number of products that recommend using an auto installer but in reality it is a bad idea)

    Manually install wordpress, it really is the best way.
    Signature
    Bitcoin | Crypto | Blockchain Secrets |
    {{ DiscussionBoard.errors[4722653].message }}
    • Profile picture of the author Sign Up
      Originally Posted by Tim Franklin View Post

      Just curious if you used an auto script installer to install wordpress? over the last month I have seen a number of wordpress exploits that take advantage of the auto installer process, (I have seen a number of products that recommend using an auto installer but in reality it is a bad idea)

      Manually install wordpress, it really is the best way.
      Totally agree with you.

      I never use auto-installers and i'm happy to do it manualy. It takes few minutes more, but its more safer than auto installers.
      {{ DiscussionBoard.errors[4722673].message }}
  • Profile picture of the author johnw18
    Try also adding plugins such as login lockdown to prevent hacking of the admin (locks them out for an hour after multiple failed attempts).
    {{ DiscussionBoard.errors[4723158].message }}
    • Profile picture of the author DeadGuy
      Your modified htaccess does mean that someone was fiddling around in your site. It's always a good practice to check AND MAKE ABSOLUTELY CERTAIN that you have ftp anonymous logins disabled on your server. Some hosting companies have this turned on by default.
      Signature

      You are making this work at home stuff way harder than it is. Ready for some sanity? Clear your head and start over.

      {{ DiscussionBoard.errors[4723334].message }}
  • Profile picture of the author Sophix
    First place to start would be with your host, their admin may have changed some things.
    {{ DiscussionBoard.errors[4723391].message }}

Trending Topics