jeffsilang89

I did a bit more digging and when I visit the source code of the sitemaps both the www and non-www version are having exactly the same codes and content. It juts does not seem to load visually when I check the www version.

I did a bit more digging and when I visit the source code of the sitemaps both the www and non-www version are having exactly the same codes and content. It juts does not seem to load visually when I check the www version.

Hi Sarah, I suggest you change the username of the hacker right away as they again got access to my account and I had to reset the password via cPanel.

I just changed the username via the PhpMyAdmin, you can find the steps here for host gator – https://support.hostgator.com/articles/specialized-help/technical/wordpress/how-to-change-your-wordpress-login-username

The steps are pretty simple and should be similar for other hosting companies.

Now my problem is that the hack created a lot of fake URL’s and if I do a site search in google by typing “site:www.mydomain.com” I see a lot of gibberish Japanese text. It shows that there are 200,000 results when I only have 600 actual posts in my website =/

I installed wordfence and cleaned up my sitemaps the first time I got hacked since I noticed these were not proper but these Japanese texts still show up when I do the google search. Anyone here know how to fix this?

• This reply was modified 6 years, 11 months ago by jeffsilang89.

Hi acalerog, welcome to the party.

The hacker changed the username so you won’t be able to log-in at all. You will need to have access to your cPanel and depending on your host, work from there.

I use host gator and using the cPanel – quick install section – I was able to find my wordpress site installed with a different user name and I changed the password from there. The username however is still the hacker’s name Suryanata.

From my understanding you can also change username and password from the data base – that would be the PhpMyAdmin or something like that (also in the cPanel) then look for the users section. I have not done this yet since I am not too familiar with making changes in the data base itself.

How the hacker got into my wordpress site in the first place still baffles me, although I was never always keeping my website updated when new versions of wordpress or plug-ins or themes came out. So the fault was mine in that part. Now I update everything as soon as I see there is a new update.

Hi luminarias, welcome to the club.

Here are a couple of things I suggest:
– Gain wp-login access back by changing the Password of suryanata via your cPanel or back-end. I was able to this with my Hostgator cPanel – under software – Quick Install.
– Install WordFence Plug-In and run a scan. This showed me that my .htaccess or my index.php file had been altered and fixed that issue. Also it fixed some stuff in the wp-includes directory.
– Check your sitemap.xml. Mines was compromised and had thousands of URL’s linking to Japanese webistes. Delete that sitemap.xml if yours is also compromised then allow Google or another plug-in to generate a new one after. I found out a bit too late and now a lot of my google search results are showing up in Japanese and I am still figuring out how to clear it =(

As to how to change the name of suryanata I still don’t know. Hostgator support said that is “beyond their support”. If anyone could show me how to do that I would really appreciate it.

Hi Sarah, I haven’t fixed the username issue yet.

I looked into my Google webmaster / search console and noticed that there were a lot of errors in the Structured data. Doing the structured data live test revealed a lot of Japanese characters – pointing to Japanese websites selling furniture. It was a good thing i deleted the 301 redirect plug-in because I think the hacker wanted to use my website and redirect all traffic to those Japanese sites.

I think the hacker was able to install some type of engine in the wp includes directory or something that changed all my meta and tags in the structured data (if that makes any sense)

I did install a security plug-in called WordFence, did a scan and it found some errors (some malicious alterations in the index.php also something in the wp includes directory that said it was an ass engine executing malicious commands). Quickly followed the WordFence prompts and now my structured data looks fine (no more Japanese characters). Also I updated everything like themes, plug-ins, even the inactive ones, maybe the hacker got access from there, I did not update them since I was not using them anyway.

I will check with Hostgator if they can help me with the username issue, they said they can restore from a previous back-up with a small fee but I’m not 100% sure when it comes to restoring stuff.

I will also dig deeper to my public files using cPanel just to check nothing suspicious there. After installing wordpress 2 years ago I never visited my site from the back-end using cPanel.

I will update this thread if I have any luck.

• This reply was modified 7 years, 1 month ago by jeffsilang89.

Hi gals, I just wanted to share that I also got hacked by this same hacker – suryanata.

I was browsing my site using a mobile device at home the other day and noticed that the contact-form plug-in from jetpack was not showing, it was just showing the codes in the website, also I have a views counter plug-in which was also not showing up.

At first I thought maybe wordpress did an auto update since I do not edit my site so much, just post once in a while if I have new products. So the next day I tried logging in but I could not and was shook!

Then I reached Hostgator support and they showed me how to edit the password from the back-end via cPanel, when I was there I saw that the new user name was suryanata. I changed the password and was able to log in again from the front-end (wp-login).

I noticed that all my plug-ins were disabled. This was done by the hacker. And he installed a redirect 301 plug-in. I never had any use for redirect so I never had it installed before but now it was there, so I deleted it and activated my old plug-ins. I think the hacker is trying to get redirects – for what reason I do not know. I then updated my wordpress site to that latest version 4.something. WordPress used to do it automatically for me before but not anymore, maybe there was a security flaw in the last version that allowed this type of hack.

Also I saw the suryanata guy’s email was [redacted] – so maybe his Indonesian or just using an Indonesian domain.

Later on to my dismay I found out that wordpress does not allow usernames to be changed, so I can’t revert back to my own username and I’m stuck with this suryanata username for now. I created another user with admin rights just to be sure in the future. I am not too familiar with wordpress, if anyone would help me in figuring out how to remove the username suryanata and put my own back I would appreciate it.

Hopefully this goes up the chain and the wordpress developers see this so we don’t get hacked by this method again. I don’t even know if my site is safe right now from the same attack or not. My site does not have SSL since I never need my readers sensitive information, there is no payment thingy in my website, I just post products that we sell then they reach me via email or phone. Not sure if not having SSL caused this problem.

• This reply was modified 7 years, 1 month ago by jeffsilang89.
• This reply was modified 7 years, 1 month ago by Steven Stern (sterndata).