Site is Hacked

KishoSRB

Regular Member
Joined
Jan 5, 2015
Messages
302
Reaction score
111
Hi guys,

Some of my sites are hacked.

I'm here to ask, does anybody have experience with hackers who post content in bulk on the file manager?

I have 10k shitty posts. The sec op team from WPX deleted the infected files, but the problem is not solved; over and over they are a step ahead.

I'm not using any nulled plugin or theme, my PC is very clean, and I'm not downloading anything from torrents, porn, etc.

 

ANewBeginning

Banned - Scamming
Joined
May 13, 2021
Messages
1,040
Reaction score
699
It's possible that the themes have a backdoor in them, or the host you are using got hacked, or maybe a plugin has a vulnerability that got abused.

I had a similar problem a few years ago and what I did was just create a backup, delete everything and just restore the theme, content and everything else.
 

liquardo

Jr. VIP
Joined
Sep 26, 2019
Messages
204
Reaction score
214
I had the same problem, they managed to access my files and kept modifying the .htaccess file, adding redirections for their weird blog posts.
I removed all their posts (they were all html files within a single folder that was named 'forum' which they added in the 'wp-content' folder to throw me off)
I downloaded the iThemes Security WP plugin (it allows preventing sketchy modifications to the htaccess file among other things) and Wordfence plugin.
Finally I added a 410 or 'content-deleted' redirection from any of their posts to my homepage. (all their added posts were in 'domain.com/forum/random_postname_here' so it was easy to just redirect domain.com/forum/* wildcard)
It took a few weeks for Google to realize they didn't exist anymore and the site started to rank again and has been rising in ranks ever since. Never had another problem with malware on my sites again, after installing the 2 plugins.
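
An added example, not part of the original post: a small Python audit for the two symptoms described above, an unexpected folder of HTML files under `wp-content` and redirect rules written into `.htaccess`. The directory allowlist, the function names and the sample tree are assumptions constructed for illustration.

```python
import os, re, tempfile

# Assumption: directories a stock install keeps under wp-content; extend the
# allowlist for cache or backup plugins you actually run.
EXPECTED = {"plugins", "themes", "uploads", "languages", "mu-plugins", "upgrade"}
DIRECTIVE = re.compile(r"^(Rewrite(Rule|Cond)|Redirect\w*|ErrorDocument)\b", re.I)

def unexpected_content_dirs(wp_root):
    """Map each non-standard wp-content directory to its count of .htm/.html files."""
    base, found = os.path.join(wp_root, "wp-content"), {}
    for entry in sorted(os.listdir(base)):
        path = os.path.join(base, entry)
        if os.path.isdir(path) and entry not in EXPECTED:
            found[entry] = sum(f.lower().endswith((".html", ".htm"))
                               for _, _, files in os.walk(path) for f in files)
    return found

def foreign_htaccess_rules(wp_root):
    """List (line_no, text) of rewrite/redirect directives outside the
    '# BEGIN WordPress' ... '# END WordPress' block that core maintains.
    Plugin-written blocks are reported too, so review each hit by hand."""
    hits, in_core = [], False
    path = os.path.join(wp_root, ".htaccess")
    with open(path, encoding="utf-8", errors="replace") as fh:
        for no, line in enumerate(fh, 1):
            s = line.strip()
            if s.startswith("# BEGIN WordPress"):
                in_core = True
            elif s.startswith("# END WordPress"):
                in_core = False
            elif not in_core and DIRECTIVE.match(s):
                hits.append((no, s))
    return hits

def build_sample_site():
    """Constructed sample tree shaped like the compromise described in the post."""
    root = tempfile.mkdtemp()
    for d in ("plugins", "themes", "uploads", "forum"):
        os.makedirs(os.path.join(root, "wp-content", d))
    for name in ("random-postname-1.html", "random-postname-2.html"):
        open(os.path.join(root, "wp-content", "forum", name), "w").close()
    with open(os.path.join(root, ".htaccess"), "w") as fh:
        fh.write("RewriteEngine On\n"
                 "RewriteRule ^forum/(.*)$ /wp-content/forum/$1.html [L]\n"
                 "# BEGIN WordPress\nRewriteRule . /index.php [L]\n# END WordPress\n")
    return root

if __name__ == "__main__":
    site = build_sample_site()
    print(unexpected_content_dirs(site))
    print(foreign_htaccess_rules(site))
```

Run it against a copy of the site's document root after each cleanup; a folder or rule that reappears means the access path is still open.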
 

KishoSRB

> It's possible that the themes have a backdoor in them, or the host you are using got hacked, or maybe a plugin has a vulnerability that got abused.
>
> I had a similar problem a few years ago and what I did was just create a backup, delete everything and just restore the theme, content and everything else.

It's the Astra free official theme.
 

KishoSRB

> I had the same problem, they managed to access my files and kept modifying the .htaccess file, adding redirections for their weird blog posts.
> I removed all their posts (they were all html files within a single folder that was named 'forum' which they added in the 'wp-content' folder to throw me off)
> I downloaded the iThemes Security WP plugin (it allows preventing sketchy modifications to the htaccess file among other things) and Wordfence plugin.
> Finally I added a 410 or 'content-deleted' redirection from any of their posts to my homepage. (all their added posts were in 'domain.com/forum/random_postname_here' so it was easy to just redirect domain.com/forum/* wildcard)
> It took a few weeks for Google to realize they didn't exist anymore and the site started to rank again and has been rising in ranks ever since. Never had another problem with malware on my sites again, after installing the 2 plugins.

Exactly the same problem. Will try this after WPX's 4th time "cleaning".
 

dlyhai

Elite Member
Joined
May 31, 2015
Messages
2,093
Reaction score
251
> I had the same problem, they managed to access my files and kept modifying the .htaccess file, adding redirections for their weird blog posts.
> I removed all their posts (they were all html files within a single folder that was named 'forum' which they added in the 'wp-content' folder to throw me off)
> I downloaded the iThemes Security WP plugin (it allows preventing sketchy modifications to the htaccess file among other things) and Wordfence plugin.
> Finally I added a 410 or 'content-deleted' redirection from any of their posts to my homepage. (all their added posts were in 'domain.com/forum/random_postname_here' so it was easy to just redirect domain.com/forum/* wildcard)
> It took a few weeks for Google to realize they didn't exist anymore and the site started to rank again and has been rising in ranks ever since. Never had another problem with malware on my sites again, after installing the 2 plugins.

Very nice, it is a great solution for a hacked website.
 

liquardo

> Exactly the same problem. Will try this after WPX's 4th time "cleaning"

Good luck, I hope it works out.

I assume just protection of system files in iThemes Security will do the trick after you've removed their redirections, but might as well browse all the other security features like hiding backend etc. and use Wordfence to scan your files as it might find some hidden malware they have left behind.
 

MisterF

Jr. Executive VIP
Jr. VIP
Joined
Nov 29, 2009
Messages
24,532
Reaction score
37,070
Website
www.blackhatworld.com
> Exactly the same problem. Will try this after WPX's 4th time "cleaning"

As much as I like WPX, I had this issue 3 years back, someone brute forced onto a site and injected malware.
Site got flagged, they cleaned it. A week later the malware was back. It took them 3 attempts because they were just cleaning at the top level and not looking deep enough into the databases.
 

KishoSRB

> As much as I like WPX, I had this issue 3 years back, someone brute forced onto a site and injected malware.
> Site got flagged, they cleaned it. A week later the malware was back. It took them 3 attempts because they were just cleaning at the top level and not looking deep enough into the databases.

Completely the same issue I have ...

My rankings are tanked, the site lost traffic..
 

HustleTong

Jr. Executive VIP
Jr. VIP
Joined
May 30, 2019
Messages
9,009
Reaction score
6,395
Website
bit.ly
Use WP all in one migration to keep a backup file.
Use iThemes Security to check for threats and reset the site.
 

KishoSRB

> I had the same problem, they managed to access my files and kept modifying the .htaccess file, adding redirections for their weird blog posts.
> I removed all their posts (they were all html files within a single folder that was named 'forum' which they added in the 'wp-content' folder to throw me off)
> I downloaded the iThemes Security WP plugin (it allows preventing sketchy modifications to the htaccess file among other things) and Wordfence plugin.
> Finally I added a 410 or 'content-deleted' redirection from any of their posts to my homepage. (all their added posts were in 'domain.com/forum/random_postname_here' so it was easy to just redirect domain.com/forum/* wildcard)
> It took a few weeks for Google to realize they didn't exist anymore and the site started to rank again and has been rising in ranks ever since. Never had another problem with malware on my sites again, after installing the 2 plugins.

Is it safe to do 410 redirection with 2k fake posts (now 404 pages) to the homepage?

Thanks
 

liquardo

> Is it safe to do 410 redirection with 2k fake posts (now 404 pages) to the homepage?
>
> Thanks

Yeah I think 410 is better than 404, since the content is intentionally deleted and not coming back. (worked for me with 300+ deleted posts, got no penalties and Google de-indexed those URLs in a week or two)

I found this quote explaining the difference between the two from Stack Overflow:
"This condition [the 410] is expected to be considered permanent. Clients with link editing capabilities SHOULD delete references to the Request-URI after user approval.
If the server does not know, or has no facility to determine, whether or not the condition is permanent, the status code 404 (Not Found) SHOULD be used instead."

The reason I used 410 in the first place was because some of the fake posts received a bit of traffic before Google removed them from the index, so that turned into some homepage traffic instead.
 