Is my site hacked?

  • Resolved kcurreri

    (@kcurreri)


    8 years, 11 months ago

    Hello,

    I noticed a weird issue with my website today, it looks like it’s been hacked but I’ve never personally seen something like this and I can’t find anyone via google who’s had a similar issue.

    I got a google webmaster alert for a new blog post on my website that I didn’t put there: https://www.buckleupstudios.com/what-happened-to-the-band-the-cranberries/

    It is obviously not right and there are a lot of other suspicious posts on the sidebar. However, I don’t see these posts listed when I log into my WordPress dashboard and they are not in my phpmyadmin database dump. They are also not on my main blog.php index page or the “recent posts” widget on my homepage.

    As far as I can tell the posts are not on my server but they are showing up on my website. Does that sound like a specific hack?

    I’ve used a bunch of different tools to scan and everything is coming back saying my site is clean and unaffected.

    I have backups and I’m pretty sure I can fix the issue, but if anybody could answer the following questions I’d be super grateful:

    1. What is the name of this attack? I’d like to google and learn more about it so I can figure out what went wrong and how to prevent in the future.
    2. How can I detect if this hack has happened on my other sites? I’ve scanned but my site keeps coming up clean. I would have never known about this if Google Webmaster hadn’t sent their general update email

    Thank you so much for your time.

Viewing 7 replies - 1 through 7 (of 7 total)

  • You got alot going on here. My guess you were hacked. It happened to me recently – not all hacks present themselves the same way.

    Here is what I did.

    Normally before recovering anything I copy what I already have. I decided not to.

    You can spend ALOT of time drilling down to how/what/who hacked you.

    OR

    if the situation is acceptable, have your host (or you) recover your entire instance of WordPress. Obviously you absolutely have to know how far back you can safely recover to. For all you know your copy is a copy of a hacked website. If you do not have a copy to recover to that is another thing.

    So. If this is your situation – you know of a safe copy to restore (not just content) restore it – if acceptable to recover to that copy (could be last week) then just do the shotgun recover approach and save yourself alot of big headaches.

    IF you have the time and energy you can chase it down. Then, after you have figured it out you may still need to recover to a past copy (likely).

    IF you are recovering an e-commerce site that is a whole new ball-game.

    So, I don’t have any wisdom here. My focus is to safely, quickly getting back into the ballgame and then, if time, chase down the hack.

    Keep in mind it could be you who got hacked or your host or both of you. Whatever you decide to do contact your host on the issue.

    Hope this helps in some way.

    Good luck.

    Jerry

    Thread Starter kcurreri

    (@kcurreri)

    Thanks for your insight Jerry!

    I see where you’re coming from, sometimes it’s best to fix it and move on.

    I guess I could do that but most importantly I’d like to know how to detect this attack on other websites. I manage a bunch of websites (a lot on the same server as the attacked site) and I want to go through each site to see if any are doing the same thing.

    At this point, I’m having a hard time just getting my site (which is obviously hacked) to fail any tests.

    Thanks again!!

    Thread Starter kcurreri

    (@kcurreri)

    I got this figured out by deleting and reinstalling a backup and making a few security changes. Pretty much followed this: https://codex.www.ads-software.com/FAQ_My_site_was_hacked

    Any mods here? In hindsight maybe that link should be deleted since it was linked to a hacked page filled with viruses. Not sure the policy on that but figured I’d mention it.

    @kcurreri @ggbusta

    Help me out to resolve hacking issue

    https://www.ads-software.com/support/topic/site-may-hacked?replies=14#post-8308759

    I have delete entire site and uploaded correct old backup files. Still google shows alert as “this site may be hacked”.

    I couldn’t find any hacked code or malicious software in my wordpress files.

    Have some patients. check your robot.txt file.
    next time the google robot visits your site they will make your site visible.

    Thread Starter kcurreri

    (@kcurreri)

    Hey tamilvananmt,

    If you replaced the files and cleaned up your site and you’re sure you got everything then it may take a little time for google to update their end.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Is my site hacked?’ is closed to new replies.