My Sites have been hacked. Need help!!

My WP-blogs have been hacked by some stupid .ru company selling Viagra and God knows what else. When I click a post or "continue reading" my blog redirects me to one of their shitty little sites. What can I do?

Thanks!

Hi mate,
Please update your blog to latest version. Then check if you recently added any cracked plugin or plugin that has been downloaded from suspicious places. If so remove it immediately. Scan your computer for viruses, trojans etc and remove them if any. Change your passwords - email, admin access, paypal, etc. Check your files at cpanel for recent changes to find the bad code. Remove it. If you are not familiar with that, contact your hosting support they will check what was wrong. Probably the hacker was injected you with some javascript redirect code. Find it and remove it. Also there are a lot of security plugins, which is good to have, just make a research. That shit happened all the time, so do not worry. Hope that helps

Cheers
Petko

Sometimes updating wordpress to the latest version is enough to destroy alot of hacks.I had one site I thought was hit by penguin only to discover it had been hacked.Updated and the hack was destroyed getting rankings back.It's the one major downfall of wordpress it's easy to get into if you don't pay attention.
Laugh is some company wanted $99 to get rid of the hack and knew it was a simple update.

I'd make sure you keep a backup up to date from now on too, have it backup at midnight every night, only takes a minute or 2 tops, and provides a clean restore point. However, since your site has been hacked, before you back it up, you really need to do a sweep of your database and code for hidden backdoors.

Hackers generally don't hack without leaving ways to get back in at a later date. There are free programs for this (though I'm not sure I would trust them), or if you don't mind learning a bit of code, there are online guides on where to look. An update may clear a back door by overwriting the area the backdoor code is inserted, but if the hacker is any good they would not have left it in a place that gets updated.

Go through your coding but I bet its probably just a htaccess trick that he is using. check your .htaccess for suspicious coding and their url

some of my websites were hacked too last week...it's super frustrating..losers

My site got hacked the other day...it was a bad time.

The first thing you need to do is find your vulnerabilities. Close them. Run AV on your computer. Make sure you haven't downloaded porn.exe or anything silly like that that could provide a backdoor into your site. Check your FTP logs and find out exactly what was uploaded. Clean that. Also, keep your WP updated. That's probably your vulnerability. If you keep it updated, you won't have to deal with this again.

Once that's done, if you're using Webmaster Tools, you can apply for a site review to be removed from the Google blacklist. It's pretty fast (usually less than 24 hours) to get the flag removed if you've cleaned up proper.

If your site is hosted on a server like hostgator you can always contact chat and support to help you retrieve your old site.

If you did not back it up, then I guess you are out in the dark...

The best thing is to get a security company to monitor your websites and clean them periodically (thats if you can spend up to $200 per year on your websites). If not, than try updating cms versions as those are the weak spots for the hackers. Clean up the files from inside (most of the times its htaccess files). But Its too much time to do it yourself so just hire professionals.

SOme hosting companys' wordpress websites are very easy to be hackered. I donot know why.

Normally I make my wp-admin folder only be accessed by my own IP.

1. Go to your db and remove the bad guy's admin emails and change the username back to you.
2. If your website was hackered, deleted all your wordpress files, and install a fresh newest version.

Things to do:

0. Back up everything on your site and run virus, malware and spyware programs on your computer.

1. Create a 'Battle' folder somewhere on your computer. This is where you are going to put all of the files from step 2, plus your rss and config files.

2. Inside that folder put a fresh copy of wordpress and all of the plugins you currently use. Make sure to download NEW plugins from wordpress, don't pull them down from your server.

3. Put a fresh copy of the theme you currently use in your 'Battle' folder as well.

4. After you have fresh versions of everything in your folder, delete everything EXCEPT your content folder and your feed.php, wp-commentsrss2.php, wp-rss.php, wp-rss2.php and your config file.

5. Now, go into your content folder and delete your theme and all of your plugins.

6. Go into your content folder and from your fresh wordpress you downloaded in step 2, delete each index file and replace it with the corresponding one from the fresh wordpress files. Make sure you delete the indexes and not just overwrite them because some infections won't let the index files be overwritten...so you have to delete them then upload the new ones. You can do this one at a time.

7. After you have deleted everything download the above mentioned files and open them in your web editor (dreamweaver or whatever). Look for anything suspicious and delete it. (hopefully you know what you are doing enough to know what to keep and what to delete)

8. Now go into your cpanel if you have access to it or contact your host to change all of your logins and database passwords to something new. You will need to add this information to your wp-config file unless the host does it for you.

9. Double check and make sure you don't have any additions to your site. Random folders with random html, php, js, or any other kind of file that isn't an image or video. If you do, then download them, open in your web editor, look for anything suspicious and delete it. Then delete the files on your server and upload the clean ones. Again, don't try to overwrite because some of the infections won't let it happen.

10. Once all of your passwords are changed and you have followed the above steps, upload all of the fresh files but DO NOT OVERWRITE YOUR CONTENT FOLDER. Upload your theme and plugins into your content folder but DO NOT overwrite the content folder with the fresh one because you might screw up the file path to or delete your uploads.

11. Enjoy your clean site.

Notes: If you are on a shared server, get a dedicated one. Keep your 'Battle' folder handy in the event your site gets infected again. Keep your site and plugins updated. Good luck.

I've had websites hacked plenty of times, but you kind of learn after the first time that you should have all of your WP sites backed up and sent as attachments to your email address at least once a week. Can't tell you how many times that has saved me.

Crazy Russians. I'm now convinced that they are responsible for most of the worlds spam. Don't get me wrong, I have a great friend that's Russian but any I come across that relates to spam also seems to have some sort of Russian connection....

Firstly change your pc or use another pc,then change all password if possible to change email so should be change it then send message to wp.

i will suggest to you check codex.wordpress.org/FAQ_My_site_was_hacked that's really helpful for you.

If your using a ripped theme I would really suggest getting rid of it. A lot of assholes put code in them to get into your site.