Site's hacked should these files be there

4 replies
My WP sites were hacked and they inserted a (.log) file in all the public html and filled them with thousands of files and site pages my bandwidth went through the roof.

Have deleted all these files but there are a couple of files i'm not sure about, in Cpanel if i click on themes at the bottom of list there is a index php file when i open it it has

PHP script text

// Silence is golden.

Should this be there,what the hell is silence is golden.

In Cpanel when i open Wp admin file and then open htaccess file they all have RewriteRule to names that have no bearing to my sites are these part of the hack.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /wp-admin/josh.php?q=$1 [L]

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /wp-admin/dumbbells.php?q=$1 [L]

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /wp-admin/benches.php?q=$1 [L]

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /wp-admin/yah.php?q=$1 [L]

Any help would be appreciated,i'm not that techy
#files #hacked #site
  • Profile picture of the author nthmarketing
    Hopefully you have a backup or your hosting does. I would contact them first. If they do I would have them revert back to a date that you know for sure everything was good. And that your losing a minimum amount of work.

    I would delete everything in the entire directory if you have your own personal backup and re-do everything clean.

    What a pain!

    {{ DiscussionBoard.errors[4288480].message }}
    • Profile picture of the author ohio1975
      is your hosting using microsoft servers or linux?

      i have found linux to be better in terms of tightening up permissions within a directory. i supported a web site that was hosted by microsoft servers and it was routinely hacked. we moved it to a hosting service that used linux, and we were able to tighten up the read-write permissions on the directory as well as the files - no more hacking (knock on wood).
      {{ DiscussionBoard.errors[4289822].message }}
  • Profile picture of the author mywebwork
    Don't panic about the "silence is golden" - that's a WordPress file and is there intentionally.

    An "old" trick to keep someone from browsing your directories is to populate each one with an index.php or index.html file - this way someone landing on the directory with a web browser sees the contents of the index file instead of the directory listing.

    While the conventional method is to just use blank index files (or ones that redirect you to the home page) WordPress developers chose to populate theirs with the cute phrase "silence is golden". I guess they thought it was nicer than "get off this page you dirty swine"!

    Look in a virgin WordPress installation and you'll find a few of these - the root of the wp-content directory is one example.

    {{ DiscussionBoard.errors[4296998].message }}
  • Profile picture of the author TrueStory
    I would highly recommend re-installing wordpress but re-linking it to old DB.

    The problem with having your site hacked is that they could have modified ANY .php file with malicious code, you will really never know. And if you want to go through each and every PHP file and compare it to virgin install, that might take a while.

    Re-install a fresh copy of wordpress

    point it to your OLD DB
    rename old WP folder
    rename new WP folder to the name of old folder.

    Your plugins might not load correctly, you will need to move them manually from old WP.

    I don't feel like writing step by step, if you HAVE NO IDEA how to do all the above, shoot me PM; or google "reinstalling wordpress with old database"

    Your business matters only to people that matter to your business[/U][/B] - Reach them?

    {{ DiscussionBoard.errors[4297391].message }}

Trending Topics