9 replies
Hi guys


My site was hacked a few months ago, I have only just really noticed as I have not done much with it.


I cant really do a earlier backup because I added quite a few new pages.


I can see the code in webmaster tools, it looks like its on the home page and another page.


It looks like a redirect to buy Viagra.


I have tried countless plugins to find where the code is,


Anyone have any ideas ??


also just tried fetch as google bot, and its now saying one of the pages has a 301 redirect?
HTTP/1.1 301 Moved Permanently
Date: Wed, 06 Apr 2016 17:50:04 GMT
Server: Apache
X-Powered-By: PHP/5.4.45
Vary: Cookie
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=ed2cea7941483f27d225c7272d1b4cd8; path=/
Location:
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
#hacked #website
  • Profile picture of the author wordpress+expert
    Hi) What engine is your site on?

    P.S. Check this:

    1. check file .htaccess
    2. try this script for search malware: revisium.com/aibo/
    {{ DiscussionBoard.errors[10625078].message }}
    • Profile picture of the author Joe Ray
      Originally Posted by wordpress+expert View Post

      Hi) What engine is your site on?/
      My guess is that it's probably Wordpress...
      {{ DiscussionBoard.errors[10625234].message }}
      • Profile picture of the author wordpress+expert
        Originally Posted by Joe Ray View Post

        My guess is that it's probably Wordpress...
        Then I advise you to do the following:

        1. Make a full backup of the database and all files your website
        2. Re-install the engine, plugins and templates (you should not overwrite the files, remove files, and then upload again). Download plugins and templates only from the official website: wordpress.org. Be careful not to delete the folder wp-content/uploads
        3. Check the folder wp-content/uploads for any php files and delete them.
        {{ DiscussionBoard.errors[10626543].message }}
        • Profile picture of the author Joe Ray
          Originally Posted by wordpress+expert View Post

          Then I advise you to do the following:

          1. Make a full backup of the database and all files your website
          2. Re-install the engine, plugins and templates (you should not overwrite the files, remove files, and then upload again). Download plugins and templates only from the official website: wordpress.org. Be careful not to delete the folder wp-content/uploads
          3. Check the folder wp-content/uploads for any php files and delete them.
          I am not the one with the hacked site, I just guessed that it was probably a Wordpress site because Wordpress sites have endless vulnerabilities and get hacked all the time.
          {{ DiscussionBoard.errors[10627272].message }}
  • Profile picture of the author robomedia
    It might be really hard to fix everything. If it's hacked it's probably everywhere. If you don't have a copy of not hack site than ... good lesson to make backups :/ .
    The code is probably encrypted - look for files full of weird characters like ZXC\asdjhk123123\asd ending in .php , it might be in different folders and in different files. Also it can be in javascript parts.
    {{ DiscussionBoard.errors[10625173].message }}
  • Originally Posted by options View Post

    Hi guys


    My site was hacked a few months ago, I have only just really noticed as I have not done much with it.


    I cant really do a earlier backup because I added quite a few new pages.


    I can see the code in webmaster tools, it looks like its on the home page and another page.


    It looks like a redirect to buy Viagra.


    I have tried countless plugins to find where the code is,


    Anyone have any ideas ??


    also just tried fetch as google bot, and its now saying one of the pages has a 301 redirect?
    HTTP/1.1 301 Moved Permanently
    Date: Wed, 06 Apr 2016 17:50:04 GMT
    Server: Apache
    X-Powered-By: PHP/5.4.45
    Vary: Cookie
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Set-Cookie: PHPSESSID=ed2cea7941483f27d225c7272d1b4cd8; path=/
    Location:
    Content-Length: 0
    Connection: close
    Content-Type: text/html; charset=UTF-8
    If you can't restore from backup, ask your host to run a malware scan on it. Also, if available check if they can patch this for you. If you are on a managed hosting, you should get the service for free.
    Signature
    [ Pure SSD ][ Shared, Reseller, Dedicated Server Hosting ] - [ MECHANICWEB.COM ]
    [ LiteSpeed | CloudLinux | MariaDB | cPanel | Malware Scan | Softaculous | SpamExperts ]
    {{ DiscussionBoard.errors[10625767].message }}
  • Profile picture of the author options
    Yes its wordpress


    see attached for the code added
    {{ DiscussionBoard.errors[10625875].message }}
  • Profile picture of the author options
    I have installed Sucuri and run the malware, nothing showing up and everything is clean.


    Whats strange is I run the fetch as google bot on the home page a few times yesterday. On a few runs I could see the code that had been added, then it wasn't there, now its showing up again.


    I am just thinking should I sign up with Sucuri and see if they can find it.
    {{ DiscussionBoard.errors[10625880].message }}
  • Profile picture of the author xtrapunch
    You need an overhauling of your website. As advised in post above, backup and install a clean WP. Add your content via export/SQL. It's a tedious work that has to be done anyway. Some hackers infect the webservers. So, have that checked as well.
    {{ DiscussionBoard.errors[10628884].message }}

Trending Topics