
3 of my sites got hacked - what to do now?

Discussion in 'Web Hosting' started by arnosv, Dec 3, 2014.

  1. arnosv

    3 of my sites (WordPress sites), on the same host, got hacked this week. My host explained to me that there's malware on my sites and therefore they needed to put them offline.

    To resolve this problem I need to manually check each file for malware (they told me that). This is a real pain in the ass because I think I can't even recognize a file with malware and there are countless amounts of files.

    Is there any easy way of doing this?

    I also never made back-ups of these sites. I can kick myself in the head for not doing this, so I definitely learned a lesson here and I hope also for everyone who reads this that doesn't back-up their sites.

    I also recall downloading some plugins from some website for free (which weren't for free obviously), is there a big chance that such a plugin could have done this? The weird thing is that these plugins had already been installed for a couple of months before this malware thing happened.

    Does someone have experience with this? What should/can I do?

    Thanks in advance.
     
  2. Apricot

    Nulled plugins are known to have malware as spreading is very easy and many hosts don't notice it until it's too late, if at all.

    Lemme know if this works for you.
     
  3. Ming the Merciless

    Ask BreakinBrix. I remember he had a thread with the same issue.
     
  4. the_demon

    Assuming you're able to fix your websites I would recommend you install the free security plugin WordFence in the future.
     
  5. owenmike78

    Switch hosts as it's normally related to your hosting account.
     
  6. arnosv

    Thanks for the quick responses guys.

    As for @MrApricot and @the_demon, I can't access my WordPress panel, my whole site actually (only FTP), so I can't install any plugins right now.

    I'll try to hit up BreakinBrix for this, thanks Ming!

    I'd rather not switch hosts at this moment because I'm, aside from this, pretty happy with their service.
     
  7. ghassan1988

    Go to your FTP client, remove any themes and plugins from unknown sources, check your .htaccess and the header files in your themes. WordPress sites get hacked because of pirated themes and plugins, and some because of your weak hosting security or using easy-to-guess passwords.
     
  8. lord1027

    Clone them to localhost and check with that plugin from there.
     
  9. crazydevil

    It could be from a plugin or it could be through your FTP client. Never automatically save passwords in your FTP client. In this way you give access to every virus or malware to connect and infect your hosting account. This could be the case here.

    Clean up your code, remove all your free or nulled plugins, scan your PC with an antivirus program or do an online malware scan. It is better to do this on localhost. When you clean/fix the problem, delete everything on your host and upload your files again through an SSH (SFTP) connection.
     
  10. DemmyCool

    Delete everything! Start deleting files on your web server, then remove files on your personal computer... and I mean everything! Finally, format your drives and re-install Windows! Done, you can now rest in peace...
     
  11. K.H.R

    Download all the files to your computer, then use a malware scanner. When you find the corrupted file, remove the malware and re-upload it to your hosting.
     
  12. lizmoz

    Just download the latest wp, upload everything to your site (aka do a manual update: http://codex.wordpress.org/Updating_WordPress), delete all your plugins, reupload them, boom you're probably safe again.

    If your sites are huge and with custom coding, then... shit gets way more complicated. But I would guess they're not, as in that case you'd prolly have more safety nets in place, am I right?

    Don't panic. Been in the same position myself a couple of times, uploading everything again usually helps.
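
One way to see what a manual re-upload would actually replace, as an added example that is not part of the thread: hash the site's files (pulled down over FTP) against a clean WordPress download and list core files that were modified or added. It assumes the clean copy is the same WordPress version as the site; the trees built in `demo()` are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

# Site-specific paths that a clean download cannot vouch for; review separately.
SKIP = ("wp-content/", "wp-config.php")


def core_hashes(root):
    """Map relative path -> SHA-256 for every file outside the SKIP paths."""
    root = Path(root)
    hashes = {}
    for path in root.rglob("*"):
        rel = path.relative_to(root).as_posix()
        if path.is_file() and not rel.startswith(SKIP):
            hashes[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return hashes


def compare_to_clean(site_root, clean_root):
    """Classify the site's core files against a clean copy of the same version."""
    site, clean = core_hashes(site_root), core_hashes(clean_root)
    return {
        "modified": sorted(f for f in site if f in clean and site[f] != clean[f]),
        "extra": sorted(f for f in site if f not in clean),
        "missing": sorted(f for f in clean if f not in site),
    }


def write_tree(root, files):
    for rel, body in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)


def demo():
    """Run the comparison on two small constructed trees."""
    clean = {"index.php": "<?php // core", "wp-includes/load.php": "<?php // core",
             "wp-admin/admin.php": "<?php // core"}
    site = {**clean, "wp-includes/load.php": "<?php // core + injected line",
            "wp-includes/class-cache.php": "<?php // not in core",
            ".htaccess": "# constructed", "wp-config.php": "<?php // site",
            "wp-content/themes/old/footer.php": "<?php // theme"}
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        write_tree(a, site)
        write_tree(b, clean)
        return compare_to_clean(a, b)
```

Files under "extra" are not necessarily malicious (`.htaccess` is site-specific and lands there), but each one is worth opening before anything is re-uploaded.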
     
  13. SocialMediaManager

    Nulled themes and nulled plugins.
    Well, now you will learn a lesson about always keeping a backup.
     
  14. fatboy

    Once you have cleared out the nulled stuff, make sure you check every file left to make sure there is no base64 encoded junk inserted anywhere, that's a favourite trick of the hackers.
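
A sketch of the file-by-file check discussed in this thread, as an added example that is not part of any post: walk a downloaded copy of the site and flag PHP files that evaluate decoded data, carry very long base64 string literals, or sit in the uploads directory. The patterns and the 200-character threshold are assumptions chosen for illustration, and the sample tree is constructed.

```python
import base64
import re
import tempfile
from pathlib import Path

PHP_SUFFIXES = {".php", ".phtml", ".inc"}

# Heuristics only: legitimate code can match too, so review every hit by hand.
PATTERNS = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*@?\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(",
        re.I),
    "long-base64-literal": re.compile(rb"['\"][A-Za-z0-9+/]{200,}={0,2}['\"]"),
}


def scan_tree(root):
    """Return sorted (relative_path, reason) pairs for PHP files to review."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        rel = path.relative_to(root).as_posix()
        # The uploads directory holds media, so any PHP there is suspect.
        if rel.startswith("wp-content/uploads/"):
            findings.append((rel, "php-in-uploads"))
        data = path.read_bytes()
        findings += [(rel, name) for name, rx in PATTERNS.items() if rx.search(data)]
    return sorted(findings)


def build_sample_site(root):
    """Write a small constructed tree: one clean file and three suspect ones."""
    blob = base64.b64encode(b"echo 'constructed sample';").decode()
    files = {
        "wp-content/themes/active/header.php": "<?php wp_head(); ?>",
        "wp-content/themes/old-theme/footer.php": f'<?php eval(base64_decode("{blob}")); ?>',
        "wp-content/plugins/nulled/init.php": '<?php $k = "' + "QUJD" * 80 + '"; ?>',
        "wp-content/uploads/2014/12/cache.php": "<?php // constructed ?>",
    }
    for rel, body in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        for rel, reason in scan_tree(tmp):
            print(f"{reason:22} {rel}")
```

A clean result from a scan like this does not prove the site is clean; it only narrows down which files to open first, including inactive themes.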
     
  15. CyberAlien

    Try scanning the website with Sucuri.net's free scanner. You can also sign up for their paid service and they'll fix it an unlimited amount of times per year (if you get hacked frequently).
     
  16. arnosv

    Thanks everyone for your help, the problem is fixed now.

    It seemed to be an old WordPress template (inactive) I had on one of my sites. I thought it would be something all my sites had but only one site was infected and they put all 3 of my sites offline.

    This is a good learning experience for me, I'll start downloading the recommended security plugins in this thread on my sites right now and back up everything! ;p

    Thanks again.
     
  17. Andre2812

    Just be aware that sometimes the malware is injected into other files from the original source and may resurface. My experience with this was to check all footer.php files for strange code, and even reinstall a fresh WordPress installation. I have had it where I thought it was all sorted out and then it resurfaces again in a few weeks... hope that isn't the case for you.