Site hacked?!

[inject0r]

Hi, my ddl page www.ddl-zone.org got hacked by

DR-MTMRD



and i really dont know what to do now? I can access WP-admin but I dont know how to remove that shit hacked message?

I ' m hosting at gearserve.-.


PLS HELP, cheers
​

 

[onel0ve]

just del index.html from public_html

 

[inject0r]

There's no index.html, just index.php which is for WordPress.

 

[vorazeal]

index.html in your public_html

If its index.php, than yes its the same

 

[soft2050]

Overwrite the index.php with the default wordpress file
Check few articles (search here) on how to protect wordpress websites from getting hacked

 

[speedbus]

Hey,
Your Theme was hacked (compromised as it is having a vulnerability), One of our techs have restored it.

We had to just replace your old theme files with the new index.php file of the theme you were using.

Also, PM'd You.

 

[masterb56]

What was the old theme?

 

[speedbus]

Well, I don't know if inject0r want's me to share the theme's name as it can lead to more issues (security issues) Please ask him, If you wish to know what it is.

 

[infernohuman]

Yeah, you need to change your index file from your theme...

So you were hosted on GearServe?
My site was hacked the same way, so this is GearServe's issue it seems

I'll think next time before recommending them to some1

 

[speedbus]

Yeah, you need to change your index file from your theme...

So you were hosted on GearServe?
My site was hacked the same way, so this is GearServe's issue it seems

I'll think next time before recommending them to some1

Hello,
Well, This time the hack was a WordPress theme vulnerability issue, Not a server security issue at our end.

 

[softleaks]

is this a javascript frame attack ??

 

[speedbus]

is this a javascript frame attack ??

Nope, It was not a javascript frame attack, just the index file's code was changed to a index file with that text mentioned by inject0r.

Which is a vulnerability which exists in the theme.

 

[inject0r]

It has been already fixed.
Maybe it was a theme bug, maybe not i dunno. i'm trying to make my blog more secure

 

[Cheetah]

@inject0r, keep every thing updated (wp,theme,plugin).

 

[masterb56]

Well if they can change your index.php they might have uploaded more shells on your site - that is usually the case, unless speedbus also checks for malicious shells?

 

[speedbus]

We run ClamAV quiet often to check for viruses etc.

 

[MediaStar]

Yeah, you need to change your index file from your theme...

So you were hosted on GearServe?
My site was hacked the same way, so this is GearServe's issue it seems

I'll think next time before recommending them to some1

Maybe he use nulled theme?

 

[pkwebhost]

I can see your issue already resolve
i suggest you run ClamAV regular

 

[masterb56]

We run ClamAV quiet often to check for viruses etc.

Not really talking about viruses but simple php shells disguised as wordpress files. Simply changing themes won't be enough if they had disguised their malicious files thoroughly Anyway good luck with the OP, consult a security analyst if you still have any probs.

 

[infernohuman]

Maybe he use nulled theme?

What is your point here?