Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
Here is the link to my site. For some reason it didn’t show up in the original post.
I will look through the links provided. Thanks
Brad
I see this is still ongoing sadly. It’s crazy that people do this, though you have some options.
1. Contact your web host.
If your web host maintains daily and weekly backups, hopefully they will be able to recover your website from prior to this event.
Once they do so, you’ll want to make sure all of your passwords are
changed and likewise ensure all scripts on your site are updated.
2. Web host has no backups.
Ok, so your web host has no backups. If this is the case, you’ll need to log into your website via FTP and start looking around for newly dated files, then work to remove any hacker code you find in them.
In summary, there’s really not much we can do here in the forum.
Someone will need to log in and remove all the hacked pages and any
lingering back door scripts. There is no magic bullet or quick and simple way to do this.
Thanks for all of the great advice. Unfortunately my hoster does not back up my account. I will dig around in my site and see if I can find files that are not supposed to be there.
I have one last question, if you don’t mind. I have already uploaded the recent version of WordPress including the index file, however, my URL does not seem to point to my site. When you type http://www.YourLowMortgage.ca in a browser the screen just turns white (or gives a server error depending on the browser you use).
The .htaccess file looks like this:
Options FollowSymLinks MultiViews Indexes ExecCGI
AddType application/x-httpd-cgi .izri
AddHandler cgi-script .pl
AddHandler cgi-script .pl
Could that be my problem?
Thanks
I have the same problem with my site right now. I have seen you could fix your own site. Do you remember the way? Which folders have hacked?
Thanks
As per the Forum Welcome, please post your own topic. Your problem – despite any similarity in symptoms – is likely to be completely different.
The hackers said they only changed the index file within the site template, so reinstalling that should fix the issue. However, the site you are now looking at is new and not the original site that was hacked. I was unable to fix it so installed a new template and things seemed to work.
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
The hackers said they only changed the index file within the site template, so reinstalling that should fix the issue.
I’m afraid that reinstalling doesn’t fix anything it just treats the symptom. You really need to lock down your installation or someone will be able to modify the files again.
Hi Guys.
Same has happend me with same Hacker Team. Database looks ok and I was running latest WordPress. This is also a Mortgage site like yourlowm above.
I’ve spent the past few hours trying to fix this with my painfully slow hosting provider.
They might have a backup but still awaiting them to get back to me. I am hoping that this will restore my site and that I can make some changes to it for better securiry.
steps I have taken to try resolve this.
I was using a modifyed twetyeleven theme for this webite and found the following infected files
themes/twentyeleven/header.php
themes/twentyeleven/404.php
themes/twentyeleven/index.php
I replaced them with a fresh copy ( No effect )
I downloaded a fresh copy of wordpress and overwrote all site files ( No effect )
I cannot login to the dashbard area with my username or passwrods as the seem to have changed. Even the forgot password does not seem to remember my email address.
If I do get this resolved I will post full details here.
For this problem check theme files, sometime header.php is totally replaced.
And they hide a javascript in database, wp_options table. Find and delete an option_name called widget_text, value beginning with:
<script>document.documentElement.innerHTML = unescape(''%3c%68%74%6d%6c%3e%0d%0a%3c%74%69%
If you have doubts about the content, deobfuscate here
http://www.patzcatz.com/unescape.htm
And of course do the rest… check you computer for trojans, update wp and plugins, change passwords, change Authentication Unique Keys and Salts in wp-config, backup etc
Thank you. I was asked to repair a site infected with Haxorsistz and this thread was instrumental in me being successful.
The site actually had multiple infections, including 2 instances of infected data in table wp_options as suggested by wpfixes. There were 5 modified/new files: functions.php and 404.php in the theme folder of the theme being used, a new file called gay.php in the wp-admin folder, a new file called selli.php in the root and a modifed index.php file in the root.
I have changed passwords and done all the other more general suggestions too. Thanks again!
Hi All,
My website got hacked by Haxorsistz as well.. now I got back the control of the site and am working on everything to recover it. Does anybody happen to know how to recover from the garbled code within wp-admin? something like: 銝�游��迭�◢摮�璇典�
It looks fine outside but it’s a mess within wp-admin. I tried to delete wordpress, reinstalled, but found it’s still broken if I connected to previous database. Could anyone advise if is there anything I could do?
Andrew Nevins
(@anevins)
WCLDN 2018 Contributor | Volunteer support
