Site was hacked with spam :(

  • Resolved yourpfpro

    (@yourpfpro)


    10 years, 4 months ago

    So my site was hacked with spam at some point in the last week or so (not even sure) I’m guessing. Basically the hackers just created a bunch of spammy pages with links, etc

    I went into google webmaster tools and did a fetch as google, I guess this re-directs all the spammy links to my homepage? Then I installed wordfence and did a scan and cleaned everything out, updated all my plugins, changed cpanel and wp admin passwords.

    Everything appeared good for a few days but then this morning worfence scan found that index.php had been modified and a bunch of new spammy pages had been created. I restored the file to original and that seemed to fix it but since it happened again, I know I’m still vulnerable.

    I don’t know when I got this virus and I feel like it would be a huge hassle to restore from a back-up so what’s my best option?

    https://www.ads-software.com/plugins/wordfence/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter yourpfpro

    (@yourpfpro)

    Looks like spam pages are actually still there. Here’s an ex: https://therideshareguy.com/?index.php=work-from-home/work/

    Ran another scan:

    This file appears to be malicious

    Filename: wp-includes/core.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 18 secs ago.
    Severity: Critical
    Status New
    This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “eval($_POST[“.

    WordPress core file modified: index.php

    Filename: index.php
    File type: Core
    Issue first detected: 40 secs ago.
    Severity: Critical
    Status New
    This WordPress core file has been modified and differs from the original file distributed with this version of WordPress.

    Do you have the free or premium version?

    Thanks

    I got hacked too this past weekend. And I installed WordFence as a countermeasure. Unfortunately it was too late. Like you, I noticed that WordFence doesn’t detect .php (and .html) files that aren’t part of the WP core, even if they have names that to a human eye obviously aren’t part of a normal WP install.

    If you’ve removed files and they come back, then, you’re in trouble. They might be deep in your database, or they might have a backdoor still open to your site that will render your cleaning attempts useless.

    No matter what you do please heed this warning: BACK UP YOUR POSTS NOW!!! Go to “Tools -> Export” and export everything. Take screen shots of your site, your WP dashboard and your plugins in case you need to reconstruct everything from scratch.

    You never know when your site could be taken down completely, or shut down by your host because your hackers have turned your site into a brute force bot.

    I had back-ups done through my host (Digital Ocean) they saved my behind. Do not rely on WordFence to protect your site any further – if files come back after you’ve cleaned them and WordFence isn’t detecting them, your site is compromised beyond easy repair.

    @harry Since we’re working this on the premium site, let’s continue the discussion there.

    Hope you fared well in Vegas and won for me on the nickle slots ??

    tim

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Site was hacked with spam :(’ is closed to new replies.