Site hacked with Malware

Hello,

I completely understand your plight. Few days back my wp site was hacked too but instead of malware, the sql data was wiped out.

The best approach (atleast, what I did to get my site back up) was to upload the backup that I had. If you do not take regular back ups of your site, check with your webhost, they do take back ups of the sites hosted with them at regular intervals.

Install a fresh version of WP. You can re-upload your sql file (i’m assuming it’s gonna be more than 50MB) so use bigdump (google for sql bigdump script) and use it to split your sql files into smaller sizes and you should be good to go.

>>how do I ensure my data stays intact

https://codex.www.ads-software.com/Hardening_WordPress

I also had a similar problem where our clients website was hacked.

the issue we had was the hack was using our website as a link farm and sending lots off dodgy links to various websites which made our website show up as malware with macafee and various other virus software.

This was a nightmare so i would advise you to check this. It also showed as a malware website in google.

You will need to contact the virus and the will give you a file to put in your root to verify your website. This may take a while for them to take you off the blacklist.

Make sure you update your website as soon as the upgrade comes out to prevent this, it is only older version off wordpress that we havent updated that have been hacked.

this was the latest version. I upgrade the MOMENT i get an upgrade notice.

how do I do a clean install of wordpress on my server and still have my old data intact? which folders should I NOT overwrite?

also how can i secure my DB?

https://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

https://ottopress.com/2009/hacked-wordpress-backdoors/

https://codex.www.ads-software.com/FAQ_My_site_was_hacked

thanks. but how do i make a clean reinstall?

for me to do a clean install i would do the following.

Complatetly back up everything in root folders and database.

using this plugin.
https://www.ads-software.com/extend/plugins/wp-db-backup/
for the database.

Then i would delete everything on the root and the database.

I would do a one click install on my hosting link it to a clean database.

then overwite the new database with the exsisting one.

and then just copy across the wp-content folder.

That should give you a clean install.

It you want to find out where the hack was do a comparision off your backed website files and your new clean install files.

i use this diffmerge its on the mac.

hope this helps.

read the top link

help! i am not a techie and cant understand whats wrong with the site. i reuploaded the wordpress installation (without deleting the contents folder and the db) but I still get the warning.

my site is at https://www.desicreative.com

can someone take a look, understand the warning and suggest what is wrong?

my tech guy cant sem to fix it either…

Hi,

listen dude, i’ve got the cure for you,cuz i had this problem before

all files

index.php
 default.php
 main.php

and when i’m talking about .php i’m also talking about .html / .htm / .shtml etc

now listen what u have to do,

1-first, don’t use your personal computer now
2-use another computer that is protected with a powerful antivirus
3-open your ftp using filezilla or another freeware, software whatever
4-now quickly rename every index.php to index.txt
download it to your computer,then goto your ftp again and rename index.txt to index.php as it first was.
5-open the index.txt that you have downloaded to your computer and delete the last code line that looks like:
<SCRIPT>blablablabla etc</SCRIPT>
6-save your file, then rename it to index.php and overwrite in your server
7-do the same thing to remaining index.php files
look into wp-content | wp-admin | …all your website

good luck dude ??

hi! thanks for the suggestion, but my index.php/html etc files look clean ??

open the infected page and look what there’s inside <body

and look in the bottom of the code if there’s <script></script>

you mean open the infected page in browser and look at ‘view->source’ or download index.php and look at it?

you are right. the bottom of page (when viewed through browser : view -> source’ is

<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-2848658-1");
pageTracker._trackPageview();
} catch(err) {}</script>

is this what you mean?

the website code, the code u found is google analytics, gime your webpage link i’ll check that myself