
Hacked by a Hacker.... Team?

Discussion in 'Blogging' started by graphox, Mar 5, 2012.

  1. graphox

    graphox Regular Member

    lol they just uploaded an index.html file to all my WP sites... So I'm guessing they have access to my FTP? Hopefully not but probably...

    They posted their FB link on it too :| https://www.facebook.com/MG.T34M

    Also they put a virus on my website too..

    What should I do?
     
  2. jone1p5445

    jone1p5445 Newbie

    that sucks
     
  3. graphox

    graphox Regular Member

    Yea really pissed cuz Google will probably deindex me or derank me if I don't fix this like right NOW. But I don't know how to...
     
  4. Humble

    Humble Registered Member

    You may be using a nulled theme that's been backdoored with a shell. Do you recall installing any plugins/scripts?
     
  5. rowebil

    rowebil Regular Member

    Just browse around using FileZilla or something. On the local side, have a fresh download of your version there. On the remote side, view your WordPress blogs? Go through every folder and make sure there aren't any shells or extra files that look fishy...

    OR, just back up everything, make it like blog(old) so you have the old blog in case you need something. Also, don't remove the databases yet, make new ones. Long passwords. Longer table prefixes as well. Just don't install themes that are 'custom' because they may have a shell on them. This is what I did when I moved my blog, to a different subdirectory and subdomain for simplicity. I do things the hard way, so that I know they're done right. Also, I don't have blogs that make me money lol. This is a blog I designed for a different reason. Basically for my PC repair business.

    Change all passwords as well. FTP. Your hosting site, if you can. MySQL databases as well. I hope you're fluent in doing this. I mean like editing all the wp-config.php files to put your new database password in? Even if you make new blogs and transfer everything, still - change the OLD blogs' MySQL passwords just to be safe. Then, give me your website and I'll see if I can get through. ;P

    Too bad there isn't a program where you can open EVERY .php and .html file, and see what is displayed. Then, you can see if there are any C100 or C99 shells. I'm sure they have some MySQL shells because, the MySQL shell on C100 shell kinda sucks and doesn't work all the time. IF they were smart enough, they would have grabbed the MySQL password and username from the config file, and saved it to make your life miserable, because they know people will only delete the index.html file and move on.
     
    Last edited: Mar 5, 2012
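
Added example, not part of the thread: the fresh-download comparison suggested in the post above, done by SHA-256 hash instead of by eye in an FTP client. The function names, the extension list and the demo tree are assumptions constructed for illustration; themes, plugins and uploads will legitimately show up as extra files and still need manual review.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed set of extensions worth reviewing first when they appear as extras.
SCRIPT_EXTS = {".php", ".phtml", ".html", ".htm", ".js"}

def file_hashes(root):
    """Map each file's path relative to root -> SHA-256 hex digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare_trees(clean_root, live_root):
    """Diff a downloaded copy of the live site against a fresh copy of the same version."""
    clean, live = file_hashes(clean_root), file_hashes(live_root)
    extra = sorted(set(live) - set(clean))
    return {
        "extra": extra,
        "extra_scripts": [f for f in extra if Path(f).suffix.lower() in SCRIPT_EXTS],
        "modified": sorted(f for f in clean.keys() & live.keys() if clean[f] != live[f]),
        "missing": sorted(set(clean) - set(live)),
    }

def demo():
    """Build two small constructed trees (not real WordPress files) and diff them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        base = {
            "index.php": "<?php require 'wp-blog-header.php';",
            "wp-includes/version.php": "<?php $wp_version = 'X.Y';",
        }
        for root in (clean, live):
            for rel, body in base.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text(body)
        # Constructed changes on the live side only.
        (live / "index.html").write_text("<h1>defaced</h1>")
        (live / "wp-includes/version.php").write_text("<?php /* altered */")
        (live / "wp-content/uploads").mkdir(parents=True)
        (live / "wp-content/uploads/photo.jpg").write_bytes(b"\xff\xd8\xff")
        (live / "wp-content/uploads/cache.php").write_text("<?php /* unexpected */")
        return compare_trees(clean, live)

if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

Run `compare_trees` on a local download of the site, not on the server itself, and treat any entry under `modified` as a file to restore from the clean copy.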
  6. [Bender]

    [Bender] Registered Member

    Quite possible.. having a bunch of theme security plugins is a must.. but I wonder, how good can they be?

    Anyway, if you can't access your cpanel/whatever you're using, just contact your hosting company and tell them you were hacked..
     
  7. rowebil

    rowebil Regular Member

    Yeah, good points [Bender]. I wonder if you've been keylogged, and when you were signing into your cPanel, they got the password and then they used file manager. Most likely, they searched Google for a "powered by Wordpress 3 nulled by Zaio" and found your blog, only knowing it was susceptible to exploits. Or, maybe it's a competitor that found out your themes had a vulnerability.
     
  8. graphox

    graphox Regular Member

    Yea one of the sites uses a nulled theme but the rest are all legit.

    I just deleted the index.html and sitemap.xml.gz files and I THINK everything was gone. At least Google doesn't pop up and block it saying there is malware on it..