yellek

I have managed to resurrect my site and it looks like the hacks have been removed. Here is what I did (YMMV):

1. Backed up the site files
2. Backed up the database
3. Created an environment for testing on my local machine using WAMP
4. Restored my database to the local environment
5. Unzipped a new copy of WordPress 2.8 to my local environment
6. Modified my config files to point to the local database.
7. Reinstalled my plugins and themes. At this point everything looked OK with no hacks in place.
8. Deleted completely my old installation on my web host
9. Uploaded my new installation
10. Changed the config file over to contain the server DB connect parameters
11. Deleted the active plugins value from the config table to remove references to the hacked plugin files
12. Reenabled my plugins
13. Switched the URL options to a different scheme and then back again to repopulate the page caches.

2 Important things to note: I lost all of my uploaded files and images. I didn’t want to take the risk of having a corrupted image file hanging around. Also this would not have worked if the data in my database had been altered to contain hacked pages.

Yeah I have CPanel access as well as FTP so I can clean things up if I need to, the only issue will be getting all of the old post data out without XML export working. I have a database backup but I’m suspecting that there may also be hacked code resident there too.