Website Hacked

by 9 replies
9
Hi guys


My site was hacked a few months ago, I have only just really noticed as I have not done much with it.


I cant really do a earlier backup because I added quite a few new pages.


I can see the code in webmaster tools, it looks like its on the home page and another page.


It looks like a redirect to buy Viagra.


I have tried countless plugins to find where the code is,


Anyone have any ideas ??


also just tried fetch as google bot, and its now saying one of the pages has a 301 redirect?
HTTP/1.1 301 Moved Permanently
Date: Wed, 06 Apr 2016 17:50:04 GMT
Server: Apache
X-Powered-By: PHP/5.4.45
Vary: Cookie
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=ed2cea7941483f27d225c7272d1b4cd8; path=/
Location:
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
#programming #hacked #website
  • Hi) What engine is your site on?

    P.S. Check this:

    1. check file .htaccess
    2. try this script for search malware: revisium.com/aibo/
    • [1] reply
    • My guess is that it's probably Wordpress...
      • [1] reply
  • It might be really hard to fix everything. If it's hacked it's probably everywhere. If you don't have a copy of not hack site than ... good lesson to make backups :/ .
    The code is probably encrypted - look for files full of weird characters like ZXC\asdjhk123123\asd ending in .php , it might be in different folders and in different files. Also it can be in javascript parts.
  • If you can't restore from backup, ask your host to run a malware scan on it. Also, if available check if they can patch this for you. If you are on a managed hosting, you should get the service for free.
  • Yes its wordpress


    see attached for the code added
  • I have installed Sucuri and run the malware, nothing showing up and everything is clean.


    Whats strange is I run the fetch as google bot on the home page a few times yesterday. On a few runs I could see the code that had been added, then it wasn't there, now its showing up again.


    I am just thinking should I sign up with Sucuri and see if they can find it.
  • You need an overhauling of your website. As advised in post above, backup and install a clean WP. Add your content via export/SQL. It's a tedious work that has to be done anyway. Some hackers infect the webservers. So, have that checked as well.
Join the discussion

Next Topics on Trending Feed