Think I've Been Hacked - Need Help & Advice
 

So I think one of my websites has been hacked.

When you go to the home URL it opens some random site that's not mine which then redirects about 4 times before finishing on a random advert that changes each time.

I can still login via FTP and everything seems normal there.
Other sites I run hosted on the same server are unaffected.

The site runs on Wordpress. What is the quickest and easiest way to locate the hack and remove it?

It seems like it's something to do with a domain hack rather than server side. I initially thought my domain had expired but there is a year to run yet.

Burn everything and salt the earth. Only then will you be cleansed of the evil that has cursed you.

First thing, change all the passwords (vps, login into site et cetera).

Step 1
Delete wordpress
Step 2
That's it.

First you need to determine what is causing the redirect.

Is it happening due to javascript being injected in your hompage (check the HTML of the page), or because of a hacked .htaccess file?

Once you figure out how the redirect is happening, you can try and figure out what is causing it and plan how to deal with it.

The .htaccess was the first file I checked but it's fine.

I just did a who.is on the domain and it's still showing my details but the site status shows as inactive whatever that means.

I have looked through a few files (index.php, home.php, footer.php) and can't find anything strange.

Also, all the files (within the themes folder) all show as last modified at some point last year.

This is the first page that loads hstraffa.com

Is it domain name injection?

Looking though my pages on Google I have come across a Russian page within the /videos folder.

Now found 30 of the damn Ruskie pages.

which .htaccess file? You should have one in your wp-admin folder that only allows your IP.

I don't have a .htaccess in the /wp-admin folder. Just in the root directory.

So, from the looks of it all these pages that have been created are from the same folder /video directory.
I thought, sweet delete the directory and problem solved.

The trouble is I can't find this directory through FTP so I can only presume it's a category??
Does anyone know how to view categories in phpmyadmin so I can delete this /video folder.

I would like to hope that in the next 15 minutes that you do. ;)

Order allow,deny
Allow from (your IP here)

Then add this to your root directory htaccess and change 123\.123\.123\.123 to your IP address

Well yeah. If I ever get my site back.

These guys always place backdoors. scan your server with https://ispprotect.com/ if it's a linux box.

There's three tables that hold WP's category info: wp_terms, wp_term_relationships, wp_term_taxonomy.

https://codex.wordpress.org/WordPress_Taxonomy

Only need to ftp in to set that up. Good place to start...

Still need help.

The content generated that is probably causing the issue is from a directory called "video" however I can find no video directory using FTP.
I then thought maybe it's a video category but I can't find one of them either.

I have even gone into phpmyadmin and been through all the posts and I can't find any of the posts Google says I have.

Anyone any ideas?

Dude just pull your backup from a week ago and restore

Backup? Wtf is a backup?

Those were my exact words.

I didn't touch the site for nearly 2 years.