My WP hacked

[yasser37]

Hi all


some stupid hacker changed my site's homepage

I just want my home page back

I will give my ftp info to the guy willing to help if he's trusted

+

If he can increase my security I'll really happy


thanks

 

[Whoo]

Some more information would be good. Are you on a shared host/ VPS/ Dedicated server?

 

[yasser37]

well my friend bought me this assuming it's a reseller plan

 

[yasser37]

if anyone is willing to help I will gladly give ftp info

I also have a back up from nov 17th

tried to get my site back to that date but didn't work

 

[mmuyskens]

Sounds like its an SQL injection, do you have access to phpmyadmin or similar? I would suggest digging into the database.

 

[Voltar]

Well, it really could have happened many different ways. Your personal credentials could have been compromised/brute-forced, Your reseller's credentials could have been compromised (e.g. you're using a cPanel server and the server admin didn't disable the ability to login to accounts with the root or reseller password), or even the entire server could be compromised. It could have been caused by a vulnerability in a script or wordpress plugin, the possibilities are literally endless.

Your best course of action would be to make a backup of everything right now, and restore your previous backup (you do have one right? ). Then change all your passwords, and start looking through your logs to see if there is anything suspicious.

 

[shadow.prx]

reupload the index.php and delete index.html looks like the only defaced it

 

[yasser37]

I don't really know

as I mentioned I don't know the plan am currently on as it was a gift from a friend

I can provide cPanal info if needed too

 

[mmuyskens]

You have IM?

 

[yasser37]

reupload the index.php and delete index.html looks like the only defaced it

I tried looking for index.html but couldn't find it
as for plugins I didn't put any except a Contact Us plugin as I remember
I tried taking my site back to the backup but the index page didn't change yet

btw

all topics are still there

it's only the home page


http://arab-coderz.net/?p=317

PS:

I JUST TRIED TO LOGIN to my http://arab-coderz.net/wp-login.php
ad the password is wrong!


something big is going on here :'(

 

[mmuyskens]

Give me your IM detail and i'll contact you

 

[8ball]

So you know your FTP details ?

 

[yasser37]

I just retrieved my account

I have my friend as an admin so I used his account to get my pass back

now it's only about the homepage

I can' use IM

i have problems there

please tell me what to do or I can PM u details

it's fine

 

[mmuyskens]

Just PM me then. With cPanel info.

 

[yasser37]

Pm'ed I hope that u r trust worthy

 

[8ball]

was the site a forum?

 

[yasser37]

no

a wordpress

I just installed a forum but didn't publish the url yet

I was still working on it

 

[pirate-bb]

owned ...

 

[yasser37]

^^^

is that how u help?


I think that I wan't asking for ur opinion

I was seeking gd members' help

 

[CyberHacK]

you taken a look inside your index.php?