Jump to content

Wordpress hacked need help recovering main page

digitalwolf
 Share

Recommended Posts

digitalwolf Newbie

digitalwolf

Posted
Posted

My website has been hacked, it was the wordpress portion of my site that was hacked not the hosting or domain.

 

iadagraca.com

 

i went to my website a few hours ago and we welcomed with this:

 

> Hacked By @lik0 <

 

# Dear Administrator,

# Your Website was Hacked !

# Just Testing My Skills S00ry ^.^

# This is Not a Joke, This is A Game :P ..

# Israel will die and u know that ...

# V8B@MSN.COM

#Lebanese Hacker Was Here

 

 

So using phpmyadmin i was able to fix my password by setting an e-mail recovery (it was deleted). simply changing the password didn't work because he also changed my user name to SQL (i have no idea how he did that with the wordpress interface...).

 

so i have access to word press, but i have no idea how to fix my main page. all my data is there, everything is fine, but how do i fix my home page?

 

please help.

Link to comment
Share on other sites
cl58 Newbie

cl58

Posted
Posted

If you don't have a back up, there is unfortunately nothing we can do. When you signed up, you agreed to the ToS which states that we are not responsible for you content (i.e. backups). Your only option would be if you had your own backup.

Link to comment
Share on other sites
digitalwolf Newbie

digitalwolf

Posted
  • Author
Posted

that's why i posted this here, nothing related to heliohost was effected.

 

It also seems like they messed with nothing but my username and password to wordpress. i found nothing fiddled with in the theme files.

 

here is what i noticed so far:

 

as far as i'm concerned he didn't even access wordpress directly. i don't see any way to change a username in there yet some how he changed my login username (which i and erased my recovery e-mail.

 

the message on the site could be some kinda redirection, i can't find where it coming from but it doesn't appear to be related to a specific theme file because i can't even preview themes.

 

i wonder if he uploaded something but i don't know what it is, checking all my files modification dates everything is normal...

 

 

Link to comment
Share on other sites
Krydos Grand Master

Krydos

Posted
Posted
that's why i posted this here, nothing related to heliohost was effected.

 

It also seems like they messed with nothing but my username and password to wordpress. i found nothing fiddled with in the theme files.

 

here is what i noticed so far:

 

as far as i'm concerned he didn't even access wordpress directly. i don't see any way to change a username in there yet some how he changed my login username (which i and erased my recovery e-mail.

 

the message on the site could be some kinda redirection, i can't find where it coming from but it doesn't appear to be related to a specific theme file because i can't even preview themes.

 

i wonder if he uploaded something but i don't know what it is, checking all my files modification dates everything is normal...

If you don't have a back up, which although you haven't said it directly it doesn't sound like you do, it might be the best idea to just delete everything that the hacker had access to and start a fresh wordpress install. Obviously, if you have a back up it would be best to restore everything from that back up. It's probably going to be a lot more work to go through a bunch of code that you didn't write and might not understand fully rather than just starting over and being sure you got all the hacked bits out of the system. At least that is what I would do. You never know if the hacker added some way to monitor what you change your new password to or a back door to make it easier to get in and get it all jacked up again easier next time.

Link to comment
Share on other sites
digitalwolf Newbie

digitalwolf

Posted
  • Author
Posted
that's why i posted this here, nothing related to heliohost was effected.

 

It also seems like they messed with nothing but my username and password to wordpress. i found nothing fiddled with in the theme files.

 

here is what i noticed so far:

 

as far as i'm concerned he didn't even access wordpress directly. i don't see any way to change a username in there yet some how he changed my login username (which i and erased my recovery e-mail.

 

the message on the site could be some kinda redirection, i can't find where it coming from but it doesn't appear to be related to a specific theme file because i can't even preview themes.

 

i wonder if he uploaded something but i don't know what it is, checking all my files modification dates everything is normal...

If you don't have a back up, which although you haven't said it directly it doesn't sound like you do, it might be the best idea to just delete everything that the hacker had access to and start a fresh wordpress install. Obviously, if you have a back up it would be best to restore everything from that back up. It's probably going to be a lot more work to go through a bunch of code that you didn't write and might not understand fully rather than just starting over and being sure you got all the hacked bits out of the system. At least that is what I would do. You never know if the hacker added some way to monitor what you change your new password to or a back door to make it easier to get in and get it all jacked up again easier next time.

 

ugh, yeah you're right...

 

i wish i knew softopia could backup stuff :/

Link to comment
Share on other sites
  • 3 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...