Get exclusive CAP network offers from top brands

View CAP Offers

Need Help – Hacked by some ^$B&*#HDH#)@FU

[bsa_pro_ad_space id=2]
  • This topic is empty.
Viewing 15 posts - 16 through 30 (of 48 total)
  • Author
    Posts
  • #828707
    gokken
    Member

    @GamblingShares 245557 wrote:

    but it can be fixed as is

    Without actually having hands on access to the files, anything we say is speculation. Besides, while you and I could probably “fix” the site, it seems rmeeuwsen is not savvy with this situation. Hence, telling him to do XYZ may mean he may miss ABC, which we would pick up on.

    Who knows maybe his Cpanel password and WP admin p/w are set to myblackcat.:sarcasm:

    IDK because again everything is speculation with regard to these files and their current safety status. It’s why I’ve said delete the lot and start again.

    #828708
    wbprofits
    Member

    true
    and really have to see to tell what to do and how ( would take alot longer )

    but I thought it was Mybl@ckCat :exclamati

    #828709
    Anonymous
    Inactive

    I appreciate all the input!

    Before asking for help, I checked the htaccess and reviewed the site for new directories and udated files.

    I also installed a new wp setup. The new one worked fine. But as soon as I uploaded the old wp-config.php file, the site theme would not load up and the ‘login’ went to a different site.

    In fact, there are two other different sites hacked by this same ‘ahole’. The other hacked site is listed right at the top in the header section when you do a ” view-source:http://www.slotbonuses.info/

    PS – In previously trying out different backup plugins I found and liked the one I mentioned. But I obviously did not have it in place there – otherwise I would not be having this problem. It also did not ‘dawn on me’ that outdated plugins were also a vulnerability in addition to (even slightly) an outdated wp version.

    #828710
    gokken
    Member

    Problem is without actually viewing your files etc etc, I can’t offer any further help. It’s akin to looking for a needle in a haystack while wearing a blindfold.

    Reiterating, the advice I gave in this post is imo, the best for your current status qou.

    http://www.casinoaffiliateprograms.com/bb/48142-need-help-hacked-by-some-b-and-hdh-fu.html#post245545

    #828711
    wbprofits
    Member

    you will get there soon ,Just don’t make it worse !

    Good Luck

    #828712
    Anonymous
    Inactive

    does the config.php file have any other URL’s listed in than yours?

    or does it have any “unreadable” base64 code?

    #828713
    Anonymous
    Inactive

    I’m a bit surprised they got into the database. Usually it’s just a few files on your server.

    The first thing I always do is make a backup of all the files so that I can inspect them.

    Then I go to my whm and change the cpanel login details for the site.

    From there I delete all the site files and upload a clean version of the WP files (not the db).

    After reviewing all the files and cleaning them I write them over 1 by 1. (important files only).

    In this case I would create a new login and password for cpanel and make a backup of the db for inspection. You can do this from your whm link.

    #828716
    Anonymous
    Inactive

    @allfreechips 245565 wrote:

    does the config.php file have any other URL’s listed in than yours?

    or does it have any “unreadable” base64 code?

    No.
    It contained the same text as the one I had on my computer from 2 years ago.

    An oddity though.

    A plugin was dated yesterday – wp importer.
    I looked at that and saw nothing unusual.
    So I copied it and then deleted it.

    #828718
    Anonymous
    Inactive

    @fonzi 245566 wrote:

    I’m a bit surprised they got into the database. Usually it’s just a few files on your server.

    The first thing I always do is make a backup of all the files so that I can inspect them.

    Then I go to my whm and change the cpanel login details for the site.

    From there I delete all the site files and upload a clean version of the WP files (not the db).

    After reviewing all the files and cleaning them I write them over 1 by 1. (important files only).

    In this case I would create a new login and password for cpanel and make a backup of the db for inspection. You can do this from your whm link.

    I did a cpanel db backup – but inspecting it is beyond my skillset.
    Don’t know what to look for.

    #828719
    Anonymous
    Inactive

    I dont deal with wordpress so I can only help if you locate something :(

    #828722
    Anonymous
    Inactive

    @allfreechips 245575 wrote:

    I dont deal with wordpress so I can only help if you locate something :(

    Bummer.

    I’m still working on solutions, and looking for more suggestions.

    Thanks to all.

    #828728
    Anonymous
    Inactive

    Wouldn’t you know it, I woke up this morning to find one of my sites had been hacked. Thankfully I have a backup.

    I changed all the passwords, deleted every file on the server and now about to upload my backup.

    rmeeuwsen: I’d be happy to take a look if you want. PM me

    #828730
    Anonymous
    Inactive

    look over your server logs as well. Look at FTP logs, html logs, error logs.

    You may see somthing on the html logs like an unknown file name or a long string on a known file.

    #828732
    gokken
    Member

    Hi rmeeuwsen, I was kind bored yesterday and knowing you have a few sites I got curious. I did a few checks to see if any of your other sites were hacked, and if any share the same servers.

    Your site infoarea.com has also been hacked. But, not by the same hacker it seems.

    Kinda strange cause this TLD is not listed in your sites at the GPWA. But infoarea.com is used as your contact email info for lucky-777-casino.com, which hasn’t been hacked.

    Just a thought, but have you pissed someone off recently?

    #828733
    wbprofits
    Member

    @AussieDave 245597 wrote:

    Hi rmeeuwsen, I was kind bored yesterday and knowing you have a few sites I got curious. I did a few checks to see if any of your other sites were hacked, and if any share the same servers.

    Your site infoarea.com has also been hacked. But, not by the same hacker it seems.

    Kinda strange cause this TLD is not listed in your sites at the GPWA. But infoarea.com is used as your contact email info for lucky-777-casino.com, which hasn’t been hacked.

    Just a thought, but have you pissed someone off recently?

    Maybe infoarea.com was the scraper site and it distibuted the stolen content ?

Viewing 15 posts - 16 through 30 (of 48 total)