
Some assistance needed! Wordpress site hacked.

Discussion in 'BlackHat Lounge' started by super11, Jun 21, 2011.

  1. super11

    super11 Senior Member

    Hey,

    Can someone help on this matter?

    http://www.i-gadgetz.com

    I own this site which got hacked. You can clearly see the message from the hacker on the website. I don't understand why these guys exist to make life hell for others. Can someone get an idea by looking at the site and be able to help me deal with the situation? Thks!
     
  2. quadratic

    quadratic Registered Member

    When this has happened to my sites, the script kiddie = hacker has edited the template used to give a single-page HTML output. I see your wp-login.php page still exists, so the core WordPress files are still there.

    My normal plan of attack to remedy this is outlined below, but I think you are lucky in that point 6 has not happened. I can see your site's deep pages by using a site: enquiry in big G and then navigating direct to the page. As such, you may just need to log in and change the template to remove the problem. I would try this before doing any restores, as you could lose recent data during a restoration.

    What to do

    1. Log into your hosting platform and restore from a full backup, both site files and the mysql database.

    2. If this is not possible, see if your hosting provider can quickly restore from a backup they made. If this is fruitless, you need to do a repair: check there is no additional code in the .htaccess files; if so, edit it out.

    3. Use phpMyAdmin and restore from a recent database backup you have. If this is not possible, check the MySQL database for your site - the users table. Often they edit the admin user and substitute their email address. If so, insert your correct email.

    4. Try to log into your site to repair it. If they have changed your password, you can now ask the system to send you a new one (remember, you changed the email address back to yours).

    5. When you then get into the site admin, change the site template to a different one and check: is the site showing your data?

    6. If the site looks ok but there are no posts then you really need that backup or you will need to use the Google cache and the Internet Wayback Machine to view your old data and do a manual restore.

    When you have access to the site and it looks ok once more, be careful. The intruder may have made some other changes which are not obvious, and there may be backdoors or trojans hidden somewhere. A full restore can eliminate this possibility.

    Good Luck!
     
    • Thanks Thanks x 4
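
    Step 2 of the post above says to check the .htaccess files for additional code. The following is an added example, not part of the original thread: it compares every .htaccess under a site directory with the stock single-site WordPress rewrite block and lists any other directive for manual review. The function names, the sample lines and the assumption that the site is installed at the web root are all constructed for illustration.

```python
import os
import tempfile

# Stock single-site WordPress block (assumption: site installed at the web root).
STOCK = r"""# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
"""
STOCK_RULES = {line.strip() for line in STOCK.splitlines()}
# Constructed sample: the stock block plus two lines that do not belong to it.
SAMPLE = STOCK + ("RewriteRule .* http://example.invalid/ [R=302,L]\n"
                  "ErrorDocument 404 http://example.invalid/\n")

def unexpected_lines(text):
    """Return (line_number, line) pairs that are not in the stock block."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line and not line.startswith("#") and line not in STOCK_RULES:
            findings.append((number, line))
    return findings

def audit_tree(root):
    """Map each .htaccess under root (relative path) to its unexpected lines."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(folder, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as handle:
                extra = unexpected_lines(handle.read())
            if extra:
                report[os.path.relpath(path, root)] = extra
    return report

def demo():
    """Build a throwaway tree with one modified and one clean file, then audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "blog"))
        for rel, body in ((".htaccess", SAMPLE), ("blog/.htaccess", STOCK)):
            with open(os.path.join(root, rel), "w", encoding="utf-8") as handle:
                handle.write(body)
        return audit_tree(root)
```

    Caching and security plugins legitimately add their own directives, so a finding means "read this line", not "delete this line".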
  3. bornformoney

    bornformoney Senior Member

    really glad to see knowledgeable people out here on this forum...this might help me as well...thanks given :)
     
    • Thanks Thanks x 1
  4. bornformoney

    bornformoney Senior Member

    so now we see his email...just use it to spam on gay forums...he sure will get bombarded :p
     
    • Thanks Thanks x 1
  5. jason2009

    jason2009 Senior Member

    Hey bro, I can help you to get it back. PM me details.
     
    • Thanks Thanks x 1
  6. BlackxHat

    BlackxHat Power Member

    fuk this sucks, not to jack your thread but what steps should you take to keep your site from getting hacked?
     
    • Thanks Thanks x 1
  7. guss0

    guss0 Newbie

    My site also got hacked for the second time yesterday by the same people and I thought it was some type of redirect they were doing cuz I could see parts of my site direct through Google. So now I'll go through these steps. Thanks