- This topic is empty.
-
AuthorPosts
-
October 9, 2012 at 5:39 pm #828707
gokkenMember@GamblingShares 245557 wrote:
but it can be fixed as is
Without actually having hands on access to the files, anything we say is speculation. Besides, while you and I could probably “fix” the site, it seems rmeeuwsen is not savvy with this situation. Hence, telling him to do XYZ may mean he may miss ABC, which we would pick up on.
Who knows maybe his Cpanel password and WP admin p/w are set to myblackcat.:sarcasm:
IDK because again everything is speculation with regard to these files and their current safety status. It’s why I’ve said delete the lot and start again.
October 9, 2012 at 5:45 pm #828708
wbprofitsMembertrue
and really have to see to tell what to do and how ( would take alot longer )but I thought it was Mybl@ckCat :exclamati
October 9, 2012 at 5:54 pm #828709Anonymous
InactiveI appreciate all the input!
Before asking for help, I checked the htaccess and reviewed the site for new directories and udated files.
I also installed a new wp setup. The new one worked fine. But as soon as I uploaded the old wp-config.php file, the site theme would not load up and the ‘login’ went to a different site.
In fact, there are two other different sites hacked by this same ‘ahole’. The other hacked site is listed right at the top in the header section when you do a ” view-source:http://www.slotbonuses.info/ “
PS – In previously trying out different backup plugins I found and liked the one I mentioned. But I obviously did not have it in place there – otherwise I would not be having this problem. It also did not ‘dawn on me’ that outdated plugins were also a vulnerability in addition to (even slightly) an outdated wp version.
October 9, 2012 at 6:07 pm #828710
gokkenMemberProblem is without actually viewing your files etc etc, I can’t offer any further help. It’s akin to looking for a needle in a haystack while wearing a blindfold.
Reiterating, the advice I gave in this post is imo, the best for your current status qou.
October 9, 2012 at 6:19 pm #828711
wbprofitsMemberyou will get there soon ,Just don’t make it worse !
Good Luck
October 9, 2012 at 6:42 pm #828712Anonymous
Inactivedoes the config.php file have any other URL’s listed in than yours?
or does it have any “unreadable” base64 code?
October 9, 2012 at 7:11 pm #828713Anonymous
InactiveI’m a bit surprised they got into the database. Usually it’s just a few files on your server.
The first thing I always do is make a backup of all the files so that I can inspect them.
Then I go to my whm and change the cpanel login details for the site.
From there I delete all the site files and upload a clean version of the WP files (not the db).
After reviewing all the files and cleaning them I write them over 1 by 1. (important files only).
In this case I would create a new login and password for cpanel and make a backup of the db for inspection. You can do this from your whm link.
October 9, 2012 at 8:19 pm #828716Anonymous
Inactive@allfreechips 245565 wrote:
does the config.php file have any other URL’s listed in than yours?
or does it have any “unreadable” base64 code?
No.
It contained the same text as the one I had on my computer from 2 years ago.An oddity though.
A plugin was dated yesterday – wp importer.
I looked at that and saw nothing unusual.
So I copied it and then deleted it.October 9, 2012 at 8:21 pm #828718Anonymous
Inactive@fonzi 245566 wrote:
I’m a bit surprised they got into the database. Usually it’s just a few files on your server.
The first thing I always do is make a backup of all the files so that I can inspect them.
Then I go to my whm and change the cpanel login details for the site.
From there I delete all the site files and upload a clean version of the WP files (not the db).
After reviewing all the files and cleaning them I write them over 1 by 1. (important files only).
In this case I would create a new login and password for cpanel and make a backup of the db for inspection. You can do this from your whm link.
I did a cpanel db backup – but inspecting it is beyond my skillset.
Don’t know what to look for.October 9, 2012 at 9:07 pm #828719Anonymous
InactiveI dont deal with wordpress so I can only help if you locate something
October 10, 2012 at 4:10 am #828722Anonymous
Inactive@allfreechips 245575 wrote:
I dont deal with wordpress so I can only help if you locate something

Bummer.
I’m still working on solutions, and looking for more suggestions.
Thanks to all.
October 10, 2012 at 12:41 pm #828728Anonymous
InactiveWouldn’t you know it, I woke up this morning to find one of my sites had been hacked. Thankfully I have a backup.
I changed all the passwords, deleted every file on the server and now about to upload my backup.
rmeeuwsen: I’d be happy to take a look if you want. PM me
October 10, 2012 at 1:13 pm #828730Anonymous
Inactivelook over your server logs as well. Look at FTP logs, html logs, error logs.
You may see somthing on the html logs like an unknown file name or a long string on a known file.
October 10, 2012 at 1:56 pm #828732
gokkenMemberHi rmeeuwsen, I was kind bored yesterday and knowing you have a few sites I got curious. I did a few checks to see if any of your other sites were hacked, and if any share the same servers.
Your site infoarea.com has also been hacked. But, not by the same hacker it seems.
Kinda strange cause this TLD is not listed in your sites at the GPWA. But infoarea.com is used as your contact email info for lucky-777-casino.com, which hasn’t been hacked.
Just a thought, but have you pissed someone off recently?
October 10, 2012 at 2:12 pm #828733
wbprofitsMember@AussieDave 245597 wrote:
Hi rmeeuwsen, I was kind bored yesterday and knowing you have a few sites I got curious. I did a few checks to see if any of your other sites were hacked, and if any share the same servers.
Your site infoarea.com has also been hacked. But, not by the same hacker it seems.
Kinda strange cause this TLD is not listed in your sites at the GPWA. But infoarea.com is used as your contact email info for lucky-777-casino.com, which hasn’t been hacked.
Just a thought, but have you pissed someone off recently?
Maybe infoarea.com was the scraper site and it distibuted the stolen content ?
-
AuthorPosts