Think I've Been Hacked - Need Help & Advice
So I think one of my websites has been hacked.
When you go to the home URL it opens some random site that's not mine which then redirects about 4 times before finishing on a random advert that changes each time. I can still login via FTP and everything seems normal there. Other sites I run hosted on the same server are unaffected. The site runs on Wordpress. What is the quickest and easiest way to locate the hack and remove it? |
It seems like it's something to do with a domain hack rather than server side. I initially thought my domain had expired but there is a year to run yet.
|
Burn everything and salt the earth. Only then will you be cleansed of the evil that has cursed you.
|
First thing, change all the passwords (vps, login into site et cetera).
|
Step 1
Delete wordpress Step 2 That's it. |
Quote:
Is it happening due to javascript being injected in your hompage (check the HTML of the page), or because of a hacked .htaccess file? Once you figure out how the redirect is happening, you can try and figure out what is causing it and plan how to deal with it. |
Quote:
I just did a who.is on the domain and it's still showing my details but the site status shows as inactive whatever that means. I have looked through a few files (index.php, home.php, footer.php) and can't find anything strange. Also, all the files (within the themes folder) all show as last modified at some point last year. |
This is the first page that loads hstraffa.com
|
Is it domain name injection?
Looking though my pages on Google I have come across a Russian page within the /videos folder. |
Now found 30 of the damn Ruskie pages.
|
Quote:
|
Quote:
|
So, from the looks of it all these pages that have been created are from the same folder /video directory.
I thought, sweet delete the directory and problem solved. The trouble is I can't find this directory through FTP so I can only presume it's a category?? Does anyone know how to view categories in phpmyadmin so I can delete this /video folder. |
Quote:
Order allow,deny Allow from (your IP here) |
Quote:
Code:
<IfModule mod_rewrite.c> |
Quote:
|
These guys always place backdoors. scan your server with https://ispprotect.com/ if it's a linux box.
|
Quote:
https://codex.wordpress.org/WordPress_Taxonomy |
Quote:
|
Still need help.
The content generated that is probably causing the issue is from a directory called "video" however I can find no video directory using FTP. I then thought maybe it's a video category but I can't find one of them either. I have even gone into phpmyadmin and been through all the posts and I can't find any of the posts Google says I have. Anyone any ideas? |
Quote:
|
Quote:
|
Quote:
I didn't touch the site for nearly 2 years. |
All times are GMT -7. The time now is 05:06 AM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc