• My dad’s site was recently hit with a trojan.js.redirector.cq virus and I’ve been troubleshooting how to fix the problem. His site is run on WordPress 3.0. He and the vast majority of the visitors to his website use Windows, and I use Mac OSX.

    I found a forum explaining how to terminate the virus, but there are a few things I can’t figure out:
    1. change the db password
    – I can see the db info in the wp-config.php, so does that mean I could just swap out the password in Dreamweaver and upload to the ftp?
    2. change the ftp password
    – I’ve been looking on different forums for a way to change the password, but have not found anything yet. I am using the newest version of FileZilla (3.3.3).

    I’m a designer, not a developer, so please keep it simple.

    Thanks for your help

Viewing 15 replies - 1 through 15 (of 28 total)
  • To change the database password, you need to change it at your hosting service as well as in wp-config.php, or else WordPress won’t be able to connect to the database. Look in your hosting control panel for how to change the database password. For the FTP password, you need to also go to your hosting control panel.

    Don’t use Dreamweaver to edit text files. On OS X, use TextEdit.

    See How to completely clean your hacked wordpress installation and How to find a backdoor in a hacked WordPress. Check for other administrators in WordPress users. Have him scan his Windows PC for malware such as keyloggers.
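The wp-config.php half of the database password change described in the reply above, as an added example that is not part of the original thread. It assumes the password has already been changed in the hosting control panel; the function names and the sample configuration are constructed for illustration.

```python
import re

# Matches the standard wp-config.php line: define('DB_PASSWORD', 'value');
# The value part accepts escaped characters inside either quote style.
DB_PASSWORD_RE = re.compile(
    r"""(define\(\s*['"]DB_PASSWORD['"]\s*,\s*)"""
    r"""(?:'(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*")"""
    r"""(\s*\)\s*;)"""
)


def php_single_quoted(value):
    # Inside a PHP single-quoted string only the backslash and the single
    # quote are special, so those are the only characters escaped here.
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def set_db_password(config_text, new_password):
    """Return config_text with the DB_PASSWORD value replaced.

    Raises ValueError unless exactly one define is found, so a customised
    or tampered file is never silently half-edited.
    """
    matches = DB_PASSWORD_RE.findall(config_text)
    if len(matches) != 1:
        raise ValueError(
            "expected exactly one DB_PASSWORD define, found %d" % len(matches)
        )
    literal = php_single_quoted(new_password)
    # A function replacement keeps backslashes in the password from being
    # interpreted as regex group references.
    return DB_PASSWORD_RE.sub(
        lambda m: m.group(1) + literal + m.group(2), config_text
    )


# Constructed sample, not the site's real configuration.
SAMPLE_CONFIG = """<?php
define('DB_NAME', 'example_db');
define('DB_USER', 'example_user');
define('DB_PASSWORD', 'old-password');
define('DB_HOST', $_ENV{DATABASE_SERVER});
"""

if __name__ == "__main__":
    print(set_db_password(SAMPLE_CONFIG, "n3w'pass\\word"))
```

Keep a copy of the original wp-config.php before uploading the edited file, and save it as plain text.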

    Thread Starter RyanNeil

    (@ryanneil)

    His previous designer/coder is MIA and my dad doesn’t know any of the hosting information. I looked up the db host in the wp-config.php file and it says:
    $_ENV{DATABASE_SERVER}

    Is there a way I can find out who is hosting his site?

    Thanks

    Do a whois search – enter the name and the host should show up:

    https://ismyblogworking.com/

    https://www.dnsstuff.com/?ptype=free

    That $_ENV{DATABASE_SERVER} is not the standard way to call a database server in wp-config.

    You’re probably also going to need the domain registrar. Use the links above or post your URL here.

    Thread Starter RyanNeil

    (@ryanneil)

    Okay, looks like his hosting is through Media Temple. If I can’t get ahold of his previous designer, who most likely has this site under his account, is it possible to be able to get the login information?

    His website is – post911foundation.org

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    Advisor and Activist

    If your father pays for the account with his credit card, yes. You can call for help, just have that card info handy!

    The domain is registered to Tier One Solutions, LLC 5705 Interbay Bvd, Tampa, FL. Is that you?

    Thread Starter RyanNeil

    (@ryanneil)

    That’s his security company. That means he must have the login info tucked away somewhere.. I’ll have to bug him to look for it again.

    Thanks for your help guys

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    Advisor and Activist

    He may not have the login info.

    Remember: Domain registration DOES NOT always equal Hosting info.

    You want Web Host info, which you said was Media Temple. Who pays Media Temple? They can get you into your server and, thus, your WordPress database, where you can get your admin access etc.

    Thread Starter RyanNeil

    (@ryanneil)

    Ok, I got the info from him. I can log into his account through Network Solutions, but I’m not sure on how to change the db password from there.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    Advisor and Activist

    I don’t think you can, unless NetSol has the database. They’re the registrar, it sounds like.

    If MEDIA TEMPLE is your Web Host, THEY have the database.

    And you want to do this: https://codex.www.ads-software.com/Resetting_Your_Password

    Get into the media temple account.

    (FYI, some people have their host be their registrar, others don’t, which is why I feel it’s important to make sure you get the web host login info)

    Domain registration and hosting are separate in many cases, and in your case, they are, as your domain is registered at NetSol, but the nameservers there point to Media Temple, which is the hosting.

    Thread Starter RyanNeil

    (@ryanneil)

    Hey Guys,

    Sorry it’s taken so long to get back, but I’ve been waiting to hear back from Media Temple.. There’s a bigger issue now though. When I try to pull up the website I get this error, both from the site and the back end admin for WordPress:
    Forbidden
    You don’t have permission to access /wp-admin on this server.
    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
    Apache/2.0.54 Server at post911foundation.org Port 80

    I have no clue what that could be from.. Any ideas?

    Thanks for your help

    Either the directory permissions were changed for some reason, or your whole site is gone. The files might have been wiped by Media Temple if your hosting account was closed or because of the malware. Your database might still be there.

    Thread Starter RyanNeil

    (@ryanneil)

    Damn..

    I called them a few days ago, but they wouldn’t give me any information because my name wasn’t on the account. They told me they would email my father with the account info, but they still haven’t done that yet.

    It would probably be best to call them after I get that info to help resolve the issue, right?

  • The topic ‘Killing a Virus’ is closed to new replies.