westnile
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: home page hackedSo, it appears this is the only page that is messed up or somehow getting redirected to a new page.
Any ideas?
As I stated above login and set it to show ALL files look for anything with a weird name to it chances are they uploaded a hidden shell script in your root dir or one of the other dirs that allows them total root control of your space you lease from the provider.
Also ask your provider to have a tier 3 admin scan your site for any ports open that should not be.
Please trust me on this I used to be in that scene I gave it up because I have kids and a life and do not want to be involved with illegal activities any more.
I am going to school to help prevent this sort of thing and if those Saudi hackers are apart of another group that used to rival mine I know they have a hidden shell server on your box.
Some times they rename the shells to match the name of another file that is supposed to be there.
Download as much of your site as you can if not all of it and use a program that can edit php files like the freeware notepad++ and look inside each file for random things like user name password port etc stuff that should not be in any file that normally runs your site.
Also look for files with screwed up names and extensions they might be your main index.php or the shell server.
If you need more help please feel free to email me westnile at inbox.com if you live in the US or Canada and have free long distance
I would be open to letting you call me to help you fix this.Brandon
Forum: Fixing WordPress
In reply to: Theme ProblemsI don’t have any images on my main site which is myrandomdeals.com the only theme I can even get to half way work is holistic tea house I think its called.
How ever I did try to get the same theme to work on my sub domain diabetic.myrandomdeals.com and it wouldn’t work soon as any text was posted. I really wanted the feed me seymore theme or HeatMap Adsense Theme
but every time I just get it installed on a fresh wordpress installation and everything seems fine as soon as I post something it kerbunkles on me.It is getting kinda frustrating as I have quite a few ideas for certain things I want to do affiliate wise and I can’t because it does not load right with other themes that I would like to use.
I found a nice suttle theme to use for my brothers site I am going to make for him and his Tattoo business but I am afraid that as soon as I get wp installed get the theme installed then make a post it will screw up.
As I mentioned above I have attempted multiple things such as disabling all plugins and widgets and what not.
If it helps I do use hostgator as my hosting provider.
Sorry for the late response I have 2 kids one will be 2 soon an the other is 4 months old lol.
Forum: Fixing WordPress
In reply to: home page hackedStart by contacting your hosting provider and get logs for your domain.
Second when your in your cpanel or what ever you have with your provider look for any weird named files chances are they renamed your index.php and it is still there.
Third there are various tools you can use for a 15-30 day trial to scan your site for open vulnerabilities look into Nessus and also look into scanning with nmap…ask your hosting provider first before using nmap as it may scan more than just your site there might be multiple sites hosted on the same IP and it would be considered malicious to scan the IP with nmap without permissions first.
Nessus and few other tools can scan just your domain only after you get your site functioning again I suggest the wp-sentinel plugin it has saved my site a few times.
Also if your using cpanel there is a option in the file manager to see hidden files check that option and look for anything out of the ordinary there could be a hidden shell script that gives them full access to everything if you find a weird file there is a code editor built into cpanel open the file in it and look for words like port with numbers after it and email user name etc.
If you can verify its a shell with the info I provided to look for then make a backup and delete it immediately and email your host provider with details of it.
Also Check the logs very carefully for ip addresses around the time it was hacked if using cpanel you can filter ip addresses with wild cards but talk to your hosting provider before filtering IP’s especially in the case if it came from a IP in their network.
Hope this helps.
Brandon