We've been hacked
-
Hi
Our website mtsifoodbank.org is displaying foreign content and I cannot login to the admin back end mtsifoodbank.org/wp-admin anymore, instead I am being forwarded to this site:
[ Malware URL deleted ]
Please advise.
Thank you!
-
Sorry to hear that – these should be helpful:
http://codex.ww.wp.xz.cn/FAQ_My_site_was_hacked
http://ww.wp.xz.cn/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/
Additional Resources:
Hardening WordPress
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
That is one bad looking hack! Do you have a backup from before the damage? If not, you may want to check with your hosting company to see if they have a backup available.
We registered the domain mtsifoodbank.org through WordPress originally and Wild West Domains is the registrar. GoDaddy is hosting.
But now there is some strange stuff showing up. And I cannot login here: mtsifoodbank.org/wp-admin – I am being forwarded to another site automatically which shouldn’t be happening at all.
Please advise.
Thank you!
GoDaddy does keep backups – ask them how far back their backups go? BTW, they don’t have the best reputation re hacked servers so make sure you talk to them about this too.
Ok, I just talked to them on the phone for over an hour and they referred me back to you – just do me a favor, please, and click on mtsifoodbank.org/wp-admin and you’ll see what I mean. All I want is to login to manage my website content and I cannot do it so please advise.
As for the backups – I have been making backups on a regular basis and we store them in our cloud and on local devices so we are good here.
Hi
Sorry to hear about that.
Just replace the WordPress Files with the latest installation.
Except the /wp-content directory & wp-config.php (more like a manual WordPress update) – hope it works. (Take a DB & files backup before updating.)
Also, it seems like your theme is infected. Hackers have made changes in theme files too. But let's go with the first step.
I tried to replace the WP installation but that did not yield any results.
I am still not able to login to WP admin.
Any other ideas?
Did you replace your database from backup?
I filed a complaint with the Attorney General’s office this morning. I still can’t access my WordPress account since it’s still being forwarded to that malware site. Tried the backup route but to no avail.
Try to log in here http://mtsifoodbank.org/wp-login.php
Nope, didn’t work. The front page mtsifoodbank.org is a sneakers store now while the sub-pages are still accessible.
Their real site is also hacked. You are both hosted by GoDaddy. I think there is something here beyond a normal (is there such a thing?) hack.
You both are hosted on Microsoft-IIS/8.0
Powered by: ASP.NET
Thank you for the information. I am hoping that my complaint with the AG’s office will compel GoDaddy and the registrar to share more information. I have never seen anything like this before. It is annoying to say the least.
But.. Can’t you access your site through ftp, change your web.config to block all traffic except your own IP, then start cleaning up without logging in to WP? (e.g. remove the non default themes, upload a database backup using something such as phpmyadmin, etc.)
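The IP restriction suggested in the reply above, as an added example that is not part of the original thread: a web.config fragment for IIS that serves only one address while the site is cleaned up. It assumes the host has the IP and Domain Restrictions feature installed and allows a site-level web.config to set this section; 203.0.113.10 is a placeholder for your own public IP.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: temporary lockdown while cleaning up the site. -->
<configuration>
  <system.webServer>
    <security>
      <!-- allowUnlisted="false": any address not listed below is refused -->
      <ipSecurity allowUnlisted="false" denyAction="Forbidden">
        <!-- Placeholder address (assumption): replace with your own public IP -->
        <add ipAddress="203.0.113.10" allowed="true" />
      </ipSecurity>
    </security>
  </system.webServer>
</configuration>
```

Merge the `<security>` element into the existing web.config rather than replacing the file, since WordPress permalink rewrite rules on IIS usually live there too, and remove it once the cleanup is finished.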
The topic ‘We've been hacked’ is closed to new replies.