My Site was Hacked

[iman24]

since 2 months ago my kaspersky 2012 detected my site as a torgan
so i changed all passwords for wordpress and CP immediately
then search in site's code for any strange java script or something
and i found redirect ugly java script

now since 2 days i noticed that my sites redirect to porn site
and i search the codes again then found redirect link too
but this time and searched in Google about the code
and the mail include in the code

guess what ?!?!? its a fucking hacker and hacked some sites before

This Site Hacked By Rz04
Rz04@yahoo.com

Now, what should i do ?

iman24 Reviewed by iman24 on 6th Jun 2012. My Site was Hacked since 2 months ago my kaspersky 2012 detected my site as a torgan :facepalm: so i changed all passwords for wordpress and CP immediately then search in site's code for any strange java script or something and i found redirect ugly java script now since 2 days i noticed that my sites redirect to porn site and i search the codes again then found redirect link too but this time and searched in Google about the code and the mail include in the code Rating: 5

[ThumperTM]

'ello

If your site has wordpress please check below links:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com...-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/
http://sitecheck.sucuri.net/scanner/

Good luck.

[torrfriend]

you used the same admin as username.......??

[antpeks]

That are some excellent resources ThumperTM, thanks for sharing. @iman24, keep in mind that up to date installations only will keep your site safe, offcourse all together with the right password lengths and good virusscanners on your PC.

And beware even if your wordpress is up to date all your plugins are up to date and you ahve the right passwords, then you also need to make sure that other accounts, server software and stuff is also up to date. If you are on your own server, make sure you have the right pathches installed. If you are on a shared hosting account, also notify your hoster.

i found a great WP plugin mailing you when a new version of a plugin is ready for installing, this can help a lot:

http://wordpress.org/extend/plugins/mail-on-update/

Peter

[iman24]

@ ThumperTM & antpeks : thanks a lot guys really appreciated will check it now
@ torrfriend : Yes

[torrfriend]

than you not followed the security things needed for wordpress...

you have lot to do mate, protecting your config file, admin directory change and all...

[numinis]

Since the hacker has hacked you, it's possible that (hidden) backdoors are placed or not? If that's possible, I'd recommend you let someone (or yourself) do a total security check.

[iman24]

how to check for backdoors and block it

[mordokch]

Do a file search for anything encoded in base64 - there shouldn't be any in wordpress but hackers love to hide their shit that way. One or two wordpress themes use base64 to encode email addresses to hide them from spammers, but not many.

Oh and iframes of course - look for those !
Also check file permissions - make sure they are all 644 or whatever - NO 777 !!!!!!!!!!! 777 is like sending a hacker a personal invite.

[traxport121]

My wordpress site was hacked some time ago, I did a lot of research and came to know that to get RID of the hacker so he wont ever hack again:

1) you should download a backup of everything i.e. emails, files, database etc
2) ask the hosting company to perform a clean re-installtion of your account with no data in it
3) install a fresh copy of upgraded wordpress
4) install the backup. be sure of scanning the backup first
5) request the hosting company to increase security

To prevent the hacker getting in again:
1) as Mordokch said: no 777 permissions
2) do not install unknown wordpress scripts


That should prevent the hacker destroying your site again. Hope it helps