Posted

My website has been hacked. It was the WordPress portion of my site that was hacked, not the hosting or domain.

 

iadagraca.com

 

I went to my website a few hours ago and was welcomed with this:

 

> Hacked By @lik0 <

 

# Dear Administrator,

# Your Website was Hacked !

# Just Testing My Skills S00ry ^.^

# This is Not a Joke, This is A Game :P ..

# Israel will die and u know that ...

# V8B@MSN.COM

#Lebanese Hacker Was Here

 

 

So using phpMyAdmin I was able to fix my password by setting an e-mail recovery (it was deleted). Simply changing the password didn't work because he also changed my user name to SQL (I have no idea how he did that with the WordPress interface...).

 

So I have access to WordPress, but I have no idea how to fix my main page. All my data is there, everything is fine, but how do I fix my home page?

 

Please help.

Posted

If you don't have a backup, there is unfortunately nothing we can do. When you signed up, you agreed to the ToS, which states that we are not responsible for your content (i.e. backups). Your only option would be if you had your own backup.

Posted

It might be a good idea to search WordPress.org for details about hacks. Check your theme's files and htaccess file and see if any of the files seem changed or suspicious.
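
An added example, not part of the original thread: one way to carry out the file check suggested above is to compare the live install against a freshly downloaded copy of the same WordPress release (with the same theme and plugin versions) by content hash, since modification times can be reset. The function names and the sample files built in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile
SCRIPT_EXT = (".php", ".phtml", ".htaccess")  # files the web server will act on

def tree_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare_install(live_root, clean_root):
    """Diff a live install against a clean copy; wp-config.php is an expected 'added' file."""
    live, clean = tree_hashes(live_root), tree_hashes(clean_root)
    added = sorted(set(live) - set(clean))
    return {
        "modified": sorted(p for p in live if p in clean and live[p] != clean[p]),
        "missing": sorted(set(clean) - set(live)),
        "added": added,
        "added_scripts": [p for p in added if p.lower().endswith(SCRIPT_EXT)],
    }

def _write(root, rel, text):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Constructed sample trees standing in for a clean download and a live site."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = os.path.join(tmp, "clean"), os.path.join(tmp, "live")
        for root in (clean, live):
            _write(root, "index.php", "<?php require 'wp-blog-header.php';\n")
        _write(live, "index.php", "<html>constructed defacement page</html>\n")
        _write(live, ".htaccess", "# constructed: rule not in the clean copy\n")
        _write(live, "wp-content/uploads/note.php", "<?php // constructed\n")
        _write(live, "wp-content/uploads/photo.jpg", "constructed image bytes\n")
        # Give the altered index.php the clean file's mtime: the hash still differs.
        st = os.stat(os.path.join(clean, "index.php"))
        os.utime(os.path.join(live, "index.php"), (st.st_atime, st.st_mtime))
        return compare_install(live, clean)

if __name__ == "__main__":
    print(demo())
```

Anything listed under `modified` or `added_scripts` is a candidate for manual review or replacement from the clean copy; script files under `wp-content/uploads/` are not part of a normal install.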

Posted

That's why I posted this here, nothing related to HelioHost was affected.

It also seems like they messed with nothing but my username and password to WordPress. I found nothing fiddled with in the theme files.

Here is what I noticed so far:

As far as I'm concerned he didn't even access WordPress directly. I don't see any way to change a username in there, yet somehow he changed my login username (which i and erased my recovery e-mail.

The message on the site could be some kinda redirection. I can't find where it's coming from, but it doesn't appear to be related to a specific theme file because I can't even preview themes.

I wonder if he uploaded something but I don't know what it is. Checking all my files' modification dates, everything is normal...

 

 

Posted
If you don't have a backup, which although you haven't said it directly it doesn't sound like you do, it might be the best idea to just delete everything that the hacker had access to and start a fresh WordPress install. Obviously, if you have a backup it would be best to restore everything from that backup. It's probably going to be a lot more work to go through a bunch of code that you didn't write and might not understand fully rather than just starting over and being sure you got all the hacked bits out of the system. At least that is what I would do. You never know if the hacker added some way to monitor what you change your new password to or a back door to make it easier to get in and get it all jacked up again easier next time.

Posted

Ugh, yeah you're right...

I wish I knew softopia could backup stuff :/
