1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

My Sites have been hacked. Need help!!

Discussion in 'Black Hat SEO' started by parasitus84, Jun 17, 2012.

  1. parasitus84

    parasitus84 Regular Member

    Joined:
    Apr 28, 2011
    Messages:
    288
    Likes Received:
    42
    My WP-blogs have been hacked by some stupid .ru company selling Viagra and God knows what else. When I click a post or "continue reading" my blog redirects me to one of their shitty little sites. What can I do?

    Thanks!
     
  2. Petko

    Petko Junior Member

    Joined:
    Mar 9, 2011
    Messages:
    192
    Likes Received:
    75
    Occupation:
    Customer support ( for now..)
    Location:
    Sofia, Bulgaria
    Hi mate,
    Please update your blog to latest version. Then check if you recently added any cracked plugin or plugin that has been downloaded from suspicious places. If so remove it immediately. Scan your computer for viruses, trojans etc and remove them if any. Change your passwords - email, admin access, paypal, etc. Check your files at cpanel for recent changes to find the bad code. Remove it. If you are not familiar with that, contact your hosting support they will check what was wrong. Probably the hacker was injected you with some javascript redirect code. Find it and remove it. Also there are a lot of security plugins, which is good to have, just make a research. That shit happened all the time, so do not worry. Hope that helps

    Cheers
    Petko
     
    • Thanks Thanks x 2
    Last edited: Jun 17, 2012
  3. cloakndagger

    cloakndagger Power Member

    Joined:
    Oct 31, 2010
    Messages:
    613
    Likes Received:
    173
    Sometimes updating wordpress to the latest version is enough to destroy alot of hacks.I had one site I thought was hit by penguin only to discover it had been hacked.Updated and the hack was destroyed getting rankings back.It's the one major downfall of wordpress it's easy to get into if you don't pay attention.
    Laugh is some company wanted $99 to get rid of the hack and knew it was a simple update.
     
  4. SH44tre

    SH44tre Newbie

    Joined:
    May 2, 2012
    Messages:
    40
    Likes Received:
    38
    Occupation:
    misc
    Location:
    It is currently rainy with a chance of more rain
    I'd make sure you keep a backup up to date from now on too, have it backup at midnight every night, only takes a minute or 2 tops, and provides a clean restore point. However, since your site has been hacked, before you back it up, you really need to do a sweep of your database and code for hidden backdoors.

    Hackers generally don't hack without leaving ways to get back in at a later date. There are free programs for this (though I'm not sure I would trust them), or if you don't mind learning a bit of code, there are online guides on where to look. An update may clear a back door by overwriting the area the backdoor code is inserted, but if the hacker is any good they would not have left it in a place that gets updated.
     
  5. BleuMunkiGraphics

    BleuMunkiGraphics Junior Member

    Joined:
    Jun 13, 2012
    Messages:
    155
    Likes Received:
    26
    Occupation:
    Graphic Designer
    Location:
    Houston,Texas
    Go through your coding but I bet its probably just a htaccess trick that he is using. check your .htaccess for suspicious coding and their url
     
  6. rockong

    rockong Power Member

    Joined:
    Jan 19, 2012
    Messages:
    661
    Likes Received:
    283
    Occupation:
    Wealth advisor to internet marketers.
    Home Page:
    some of my websites were hacked too last week...it's super frustrating..losers
     
  7. niggy

    niggy Junior Member

    Joined:
    Jan 19, 2011
    Messages:
    151
    Likes Received:
    41
    My site got hacked the other day...it was a bad time.

    The first thing you need to do is find your vulnerabilities. Close them. Run AV on your computer. Make sure you haven't downloaded porn.exe or anything silly like that that could provide a backdoor into your site. Check your FTP logs and find out exactly what was uploaded. Clean that. Also, keep your WP updated. That's probably your vulnerability. If you keep it updated, you won't have to deal with this again.

    Once that's done, if you're using Webmaster Tools, you can apply for a site review to be removed from the Google blacklist. It's pretty fast (usually less than 24 hours) to get the flag removed if you've cleaned up proper.
     
  8. seohamster

    seohamster Newbie

    Joined:
    May 11, 2012
    Messages:
    19
    Likes Received:
    5
    If your site is hosted on a server like hostgator you can always contact chat and support to help you retrieve your old site.

    If you did not back it up, then I guess you are out in the dark...
     
  9. skripel

    skripel BANNED BANNED

    Joined:
    Sep 8, 2010
    Messages:
    248
    Likes Received:
    80
    The best thing is to get a security company to monitor your websites and clean them periodically (thats if you can spend up to $200 per year on your websites). If not, than try updating cms versions as those are the weak spots for the hackers. Clean up the files from inside (most of the times its htaccess files). But Its too much time to do it yourself so just hire professionals.
     
  10. casinopokertalk

    casinopokertalk Newbie

    Joined:
    Jun 25, 2012
    Messages:
    18
    Likes Received:
    0
    Location:
    forums.powerhoster.com
    Home Page:
    SOme hosting companys' wordpress websites are very easy to be hackered. I donot know why.

    Normally I make my wp-admin folder only be accessed by my own IP.

    1. Go to your db and remove the bad guy's admin emails and change the username back to you.
    2. If your website was hackered, deleted all your wordpress files, and install a fresh newest version.
     
  11. moarman

    moarman Newbie

    Joined:
    Jul 15, 2010
    Messages:
    28
    Likes Received:
    5
    Things to do:

    0. Back up everything on your site and run virus, malware and spyware programs on your computer.

    1. Create a 'Battle' folder somewhere on your computer. This is where you are going to put all of the files from step 2, plus your rss and config files.

    2. Inside that folder put a fresh copy of wordpress and all of the plugins you currently use. Make sure to download NEW plugins from wordpress, don't pull them down from your server.

    3. Put a fresh copy of the theme you currently use in your 'Battle' folder as well.

    4. After you have fresh versions of everything in your folder, delete everything EXCEPT your content folder and your feed.php, wp-commentsrss2.php, wp-rss.php, wp-rss2.php and your config file.

    5. Now, go into your content folder and delete your theme and all of your plugins.

    6. Go into your content folder and from your fresh wordpress you downloaded in step 2, delete each index file and replace it with the corresponding one from the fresh wordpress files. Make sure you delete the indexes and not just overwrite them because some infections won't let the index files be overwritten...so you have to delete them then upload the new ones. You can do this one at a time.

    7. After you have deleted everything download the above mentioned files and open them in your web editor (dreamweaver or whatever). Look for anything suspicious and delete it. (hopefully you know what you are doing enough to know what to keep and what to delete)

    8. Now go into your cpanel if you have access to it or contact your host to change all of your logins and database passwords to something new. You will need to add this information to your wp-config file unless the host does it for you.

    9. Double check and make sure you don't have any additions to your site. Random folders with random html, php, js, or any other kind of file that isn't an image or video. If you do, then download them, open in your web editor, look for anything suspicious and delete it. Then delete the files on your server and upload the clean ones. Again, don't try to overwrite because some of the infections won't let it happen.

    10. Once all of your passwords are changed and you have followed the above steps, upload all of the fresh files but DO NOT OVERWRITE YOUR CONTENT FOLDER. Upload your theme and plugins into your content folder but DO NOT overwrite the content folder with the fresh one because you might screw up the file path to or delete your uploads.

    11. Enjoy your clean site.

    Notes: If you are on a shared server, get a dedicated one. Keep your 'Battle' folder handy in the event your site gets infected again. Keep your site and plugins updated. Good luck.
     
    • Thanks Thanks x 1
  12. Pilot

    Pilot Junior Member

    Joined:
    Jan 24, 2012
    Messages:
    153
    Likes Received:
    29
    Location:
    New York City
    I've had websites hacked plenty of times, but you kind of learn after the first time that you should have all of your WP sites backed up and sent as attachments to your email address at least once a week. Can't tell you how many times that has saved me.
     
  13. soma56

    soma56 Regular Member

    Joined:
    Jun 16, 2009
    Messages:
    276
    Likes Received:
    154
    Home Page:
    Crazy Russians. I'm now convinced that they are responsible for most of the worlds spam. Don't get me wrong, I have a great friend that's Russian but any I come across that relates to spam also seems to have some sort of Russian connection....
     
  14. paulwilliams972

    paulwilliams972 Regular Member

    Joined:
    Apr 24, 2012
    Messages:
    370
    Likes Received:
    37
    Location:
    Tester World
    Firstly change your pc or use another pc,then change all password if possible to change email so should be change it then send message to wp.
     
  15. markhenry121

    markhenry121 Elite Member

    Joined:
    Oct 14, 2011
    Messages:
    2,149
    Likes Received:
    239
    i will suggest to you check codex.wordpress.org/FAQ_My_site_was_hacked that's really helpful for you.
     
  16. str8thustler

    str8thustler Power Member

    Joined:
    Dec 3, 2008
    Messages:
    669
    Likes Received:
    243
    Occupation:
    ClientMAX Marketing
    Location:
    Philly
    Home Page:
    If your using a ripped theme I would really suggest getting rid of it. A lot of assholes put code in them to get into your site.