Latest Announcemnent
New thread
Status
Not open for further replies.
I

iman24

Banned
Banned
572
2010
67
0
since 2 months ago my kaspersky 2012 detected my site as a torgan :facepalm:
so i changed all passwords for wordpress and CP immediately
then search in site's code for any strange java script or something
and i found redirect ugly java script

now since 2 days i noticed that my sites redirect to porn site
and i search the codes again then found redirect link too
but this time and searched in Google about the code
and the mail include in the code

guess what ?!?!? its a fucking hacker and hacked some sites before

This Site Hacked By Rz04
Rz04@yahoo.com
Click to expand...
Now, what should i do ? :(
 
12 comments
That are some excellent resources ThumperTM, thanks for sharing. @iman24, keep in mind that up to date installations only will keep your site safe, offcourse all together with the right password lengths and good virusscanners on your PC.

And beware even if your wordpress is up to date all your plugins are up to date and you ahve the right passwords, then you also need to make sure that other accounts, server software and stuff is also up to date. If you are on your own server, make sure you have the right pathches installed. If you are on a shared hosting account, also notify your hoster.

i found a great WP plugin mailing you when a new version of a plugin is ready for installing, this can help a lot:

http://wordpress.org/extend/plugins/mail-on-update/

Peter
 
than you not followed the security things needed for wordpress...

you have lot to do mate, protecting your config file, admin directory change and all...
 
Since the hacker has hacked you, it's possible that (hidden) backdoors are placed or not? If that's possible, I'd recommend you let someone (or yourself) do a total security check.
 
Do a file search for anything encoded in base64 - there shouldn't be any in wordpress but hackers love to hide their shit that way. One or two wordpress themes use base64 to encode email addresses to hide them from spammers, but not many.

Oh and iframes of course - look for those !
Also check file permissions - make sure they are all 644 or whatever - NO 777 !!!!!!!!!!! 777 is like sending a hacker a personal invite.
 
My wordpress site was hacked some time ago, I did a lot of research and came to know that to get RID of the hacker so he wont ever hack again:

1) you should download a backup of everything i.e. emails, files, database etc
2) ask the hosting company to perform a clean re-installtion of your account with no data in it
3) install a fresh copy of upgraded wordpress
4) install the backup. be sure of scanning the backup first
5) request the hosting company to increase security

To prevent the hacker getting in again:
1) as Mordokch said: no 777 permissions
2) do not install unknown wordpress scripts


That should prevent the hacker destroying your site again. Hope it helps :)
 
CodeGuard

I recommend using the CodeGuard plugin for future reference. It backs up and monitors your database and website files then sends an email if it detects any changes. Easy download and restore from there

www.codeguard.com
 
Look for shell backdoors, order files by creation date and open suspicious files. Also download all your website and analize with an Antivirus, sometimes arent codificated and can be detected.
 
Status
Not open for further replies.
Back
Top