Not working after being hacked

  • My website was hacked and after a few tips from my host I deleted, among other things, the folder plugins/facebook as it had a malicious file being used to generate and send out spam (I also delted a few other php files with he same modification date which were deemed suspicious). My host put my blog back online, but now I am unable to load it as it sticks at read 0.gravatar.com (I can see the avatar in firefox console). Can deleting the facbook plugin folder have something to do with the page not loading? My host took the site offline so I did not have the luxury of uninstalling the plugin through the wp control panel.

    In firefox console it also sometimes sticks at front_subscribers.js

Viewing 4 replies - 1 through 4 (of 4 total)

  • I would highly recommend looking into a professional service like Sucuri. There is a high chance that you will clean up parts of the hack, but will miss things such as a back door which would enable the attacker to get back into the site and re-implement their hack.

    If you really want to attempt things yourself I would read multiple blogs regarding site cleanup. Here’s one to get you started:
    https://www.intego.com/mac-security-blog/how-to-clean-up-and-secure-your-hacked-wordpress-site/

    Thread Starter geirrosset

    (@geirrosset)

    Sucuri comes up clean. But then again, it also came up clean shortly before my host shut me down the second time so I am not overly impressed as it missed (or was unable to see and scan) a fe obvious files which I found quite easily through ftp.

    This user was also having issues after being hacked. If you read through the thread you will see that their site too returned clean with the Sucuri free site scanner.

    After purchasing the premium upgrade they had the site cleaned up within the hour.

    https://www.ads-software.com/support/topic/help-removing-site-hack?replies=10

    Hi

    The issue with what you’re describing is in this statement:

    it had a malicious file being used to generate and send out spam (I also delted a few other php files with he same modification date which were deemed suspicious).

    I’d encourage you to read this post as it explains how SIteCheck works:
    https://blog.sucuri.net/2012/10/ask-sucuri-how-does-sitecheck-work.html

    What your’e describing is an infection, but not something SiteCheck would detect remotely, ever. It’s a server script in your directories performing a nefarious act. It’s why we’re able to clean it up, yet it shows clean on SiteCheck.

    In order for SiteCheck to see something it has to see something dirty on the browser.

    I hope this provides some clarity on the subject.

    Tony

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Not working after being hacked’ is closed to new replies.