• My blog seems to have been hacked and I can’t seem to gain access to my admin login. I’m not sure what to do next.

    https://thesoundoffashion.ie/
    https://thesoundoffashion.ie/wp-admin

    I have my blog hosted on https://www.letshost.ie and I have emailed them multiple times about this issue, and they are insisting that their server was not breached or hacked, but that WordPress on my site was breached with malware.
    I don’t have any backups of my blog and they are charging €50 to give us an earlier version of the blog before it was breached.
    They said the following:

    “The following file has recently changed (most recent timestamp – Oct 23 05:29 ) wp-content/themes/pipdig-aquae/footer.php, contains obfuscated/jumbled code and is generating the following errors since
    [15-Oct-2016 15:20:01 UTC] PHP Warning: fopen(.SIc7CYwgY): failed to open stream: No such file or directory in /home/thesoun2/public_html/wp-content/themes/pipdig-aquae/footer.php(9) : eval()’d code on line 82
    Further to the above, our malware scanner found the following entries of note:
    ‘/home/thesoun2/public_html/wp-content/plugins/all-in-one-seo-pack/all_in_one_seo_pack.php’
    # Script version check [OLD] [WP All In One SEO Ext v2.2.7.6.2 < v2.3.9.2]
    ‘/home/thesoun2/public_html/wp-content/themes/arubanights/footer.php’
    # Regular expression match = [decode regex: 6]
    ‘/home/thesoun2/public_html/wp-includes/version.php’
    # Script version check [OLD] [Wordpress v4.0.13 < v4.6.1]
    We would recommend asking your designer to clean up the code and update WordPress. Failure to keep WordPress up-to-date will result in code hacks/vulnerabilities.
    If you have any queries on the above, please let us know.
    Regards,
    Declan”

    We used a theme for the blog from https://www.pipdig.co/ and I’ve been in touch with the main developer and he found the code that contains the malware. He said it wasn’t his theme that was causing the issue:

    “Hi Lauren,
    Unfortunately it looks like your website has been compromised with malware. I’d recommend contacting https://sucuri.net/ who will be able to help clean the files for you.
    Once the site is cleaned, you may wish to install a security plugin such as WordFence to try and avoid it happening again. There are also other security measures you can take, but I’ll let the experts handle that at Sucuri as they are much better placed to advise on this.
    I’ve attached a clean copy of your themes to this message for you. You will most likely need to install this as part of Sucuri’s cleanup process.
    Hope you get it sorted!
    Phil”

    I’m not sure what to do next, everyone is blaming someone else and I’m scared that all my hard work on the blog is gone.
    What should I do? I can’t seem to log into the wp-admin on the blog.

    Thanks

    Lauren

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator t-p

    (@t-p)

    The Exploit Scanner plugin can help detect damage so that it can be cleaned up. Other things you should do:

    • Change passwords for all users, especially Administrators and Editors.
    • If you upload files to your site via FTP, change your FTP password.
    • Re-install the latest version of WordPress.
    • Make sure all of your plugins and themes are up-to-date.
    • Update your security keys.
    • See FAQ My Site Was Hacked.

    – When you’re done, you may want to implement some (if not all) of the recommended security measures.
    – If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you (e.g., Sucuri, Wordfence …).

    Make a full backup of your site with cPanel/FTP (your files and database)

    Next, replace your WordPress core files with fresh copies. (don’t just upload new ones, completely delete the old files/folders, and replace them… make sure it’s the same version of WordPress you currently have)

    Log in to your “new” WordPress and perform any available updates.

    Install/run WordFence. (make sure it’s set to compare your theme and plugin files against the repository), and fix any issues it finds.

    Install/run GOTMLS to find the remaining malware files.
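
An added example, not part of the original replies and not how Wordfence, GOTMLS or the host's scanner work internally: a small Python script that flags PHP files containing the kind of eval()/decode obfuscation the host reported in footer.php, listing the most recently modified files first. The signature list, function names and sample theme tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic signatures for obfuscated PHP (illustrative assumptions, not exhaustive).
SIGNATURES = {
    "eval-of-decoder": re.compile(
        r"\beval\s*\(\s*@?\s*(base64_decode|gzinflate|gzuncompress|str_rot13|strrev)\s*\(",
        re.I),
    "eval-of-variable": re.compile(r"\beval\s*\(\s*\$\w+", re.I),
    "long-encoded-string": re.compile(r"""['"][A-Za-z0-9+/=]{200,}['"]"""),
}

def scan_php_tree(root):
    """Return [(relative_path, [signature names], mtime)], newest change first."""
    findings = []
    for path in Path(root).rglob("*.php"):
        text = path.read_text(encoding="utf-8", errors="replace")
        hits = sorted(name for name, rx in SIGNATURES.items() if rx.search(text))
        if hits:
            rel = path.relative_to(root).as_posix()
            findings.append((rel, hits, path.stat().st_mtime))
    return sorted(findings, key=lambda f: f[2], reverse=True)

def build_sample_tree(root):
    """Constructed sample: one clean theme footer, one with an injected line."""
    root = Path(root)
    clean = root / "themes" / "clean-theme" / "footer.php"
    dirty = root / "themes" / "sample-theme" / "footer.php"
    for p in (clean, dirty):
        p.parent.mkdir(parents=True)
    clean.write_text("<?php wp_footer(); ?>\n</body></html>\n")
    # Harmless constructed payload: base64 of 'echo 1;'
    dirty.write_text('<?php eval(base64_decode("ZWNobyAxOw==")); ?>\n'
                     "<?php wp_footer(); ?>\n</body></html>\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, hits, mtime in scan_php_tree(build_sample_tree(tmp)):
            print(rel, hits)
```

Point `scan_php_tree` at a downloaded copy of `wp-content`; each hit is a lead to compare against a clean copy of the theme or plugin, not proof of infection.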

  • The topic ‘Blog/Site Hacked/Malware help :(’ is closed to new replies.