The website is troubledone.com; you can view it to see the hack. Originally it was a WordPress blog. I'm hoping that I can get it back to its original state without too much trouble. I have tried replacing the index.php with the original but no luck. Any ideas?
Ouch! A friend's got hit as well just because his site was hosted on an American server (we're British) and I think that was the reason, too. Unless you've got a backup you can restore it to, or your service provider has been making backups (it's worth asking!), there isn't anything you can do.
K thanks. I don't personally have a backup but I was able to log in to my WordPress admin. So at least I can grab all of the content with relative ease. I'm going to see what my host has to say about it.
Changing hosting won't necessarily fix it as we don't know the reason the site was hit - being on an American server? An American business? Random attack? Site content? Until you know the reason why, preventing it happening again can be tricky.
http://pwnie-awards.org/2008/awards.html#mass0wnage There's why it's happening. It won this year's pwnie for a reason. You said you can grab your data and get into the admin - this means your data is intact, in which case what you want to do is upload MORE than just your index.php - the most commonly hacked files in WordPress are wp-config.php and wp-settings.php - files that really you don't need to modify once the page is set up, which is why I always set that one's permissions to 644 post-install so there is no chance of PHP modifying it. It is often surprising how many hacking attempts can be foiled by just setting your files to 644 instead of 664. Lemme think - First I would delete all the .php files except your wp-config.php, which I'd download a copy of then delete off the server as well - then I would probably go in with a tool like phpMyAdmin and browse the wp_options table looking for anything that's been compromised, correcting any incorrect values. I would then upload a clean copy of WordPress, make a new wp-config file with the database login info and auth-keys copied from your old file - and see if that does the trick. I would then IMMEDIATELY make certain you are upgraded to the latest version, then set all the PHP files to 644 instead of 664 on their permissions to prevent code injections/modification. Since this hack could be as simple as any one of the HUGE CHAIN of files WordPress called before outputting anything having HTML appended to its end followed by an 'exit' command. Take index.php for example, which is nothing more than a define and a require of wp-blog-header.php, which is nothing more than one if statement (which looks like it should never be true) followed by a require, a function call and a require - these are two separate files WHY exactly? It's built on such a shaky foundation mass 0wnage is hardly a shock.
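An added example, not part of the original post: a POSIX shell sketch of the checks described above, comparing the live tree against a clean WordPress copy and finding PHP files left group- or world-writable. The function names and the directory layout are assumptions made for illustration.

```sh
# Added example: audit a WordPress tree against a clean copy (POSIX sh).
# Assumed layout: $1 = live document root, $2 = freshly unpacked WordPress
# of the same version. Both are placeholders; pass them without a trailing /.

# .php files that group or others may write to (664, 666, ...).
writable_php() {
    find "$1" -type f -name '*.php' \( -perm -020 -o -perm -002 \) | sort
}

# .php files that differ from the clean copy (CHANGED) or do not exist in
# it (UNKNOWN). wp-config.php is site-specific, so review it by hand.
# UNKNOWN entries under wp-content may be your own themes and plugins.
modified_php() {
    find "$1" -type f -name '*.php' | sort | while IFS= read -r f; do
        rel=${f#"$1"/}
        [ "$rel" = "wp-config.php" ] && continue
        if [ ! -f "$2/$rel" ]; then
            echo "UNKNOWN $rel"
        elif ! cmp -s "$f" "$2/$rel"; then
            echo "CHANGED $rel"
        fi
    done
}

# Reset every .php file to 644: owner read/write, everyone else read-only.
lock_php() {
    find "$1" -type f -name '*.php' -exec chmod 644 {} +
}
```

Run `modified_php` before replacing files so the list of changed and unknown files is kept for later review, then `lock_php` once the clean copy is in place.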
@deathshadow: I tried watching a bit of the video on that site and had to stop - the jerk had a damn annoying habit of sucking his lips every other word but I think I'll be staying clear of WordPress...
Thanks for all of the responses. I e-mailed my hosting service (HostGator) and they came back with a response that fixed my problem. I updated a few files under my WordPress template and the site came back to life. I know the reason for the hack... I had made a post about a previous hack which talked about the s.a.tt.an.org (without the .'s) hack and obviously they came back to get me... Well, everything is fixed for now. I will update you if anything else arises.
If WordPress has many vulnerabilities, it would be a good idea to use another content manager... I like this one, http://eggblog.net/, not as good as WordPress but a nice one... Another way would be to program your own WordPress plugin... Also, knowing why someone hacked your site is good too... You could email the hacker, right?
Something that's hard to do in a lot of cases is avoid painting a bullseye on yourself. These types of groups tend to be petty, self-preening script kiddies who take every slight personally. Uhm, ooops.
I once had a site hacked a while back, was a pain to get it all sorted out. Ruined my traffic, I had to scrap the whole project.
ffs ppl, don't rely on your hoster to make your backups. IMO, the OP was very lucky that his hoster could help restore him. I've seen quite a few ppl lose their sites due to a hack in such a way it cost them hundreds of $ to restore.
The only real solution is to a) have a separate domain registrar (i recommend godaddy.com), and a separate hoster, then b) do your own backups, so you can (have a pro, very cheaply) restore it all to any hoster.
here's a good new year's resolution: at least once a week, and after each medium-to-large change:
- make a sub directory 2009-MM-DD (so it sorts correctly in file explorers) under a general 'backup' dir.
- go to cpanel / your admin panel
- backup all the databases to files (on the webserver)
- copy the db backup files on the server to the 2009-MM-DD dir on your local drive
- copy the complete htdoc/public_html to 2009-MM-DD/site.com/
keep 5 to 10 old backups lying around. diskspace is cheap. keep at least the last 2 also on a portable drive, don't store in the same room (or better: house) as your primary backup.
If you update only your CSS for a single site, it would go into a dir: 2009-MM-DD HH-MI/site.com/public_html/path/to/CSS/
This way, your backups dir will have "major" backups (the ones without time index), and 'minor' ones, containing only the changes since the last major backup.
of course, this is a bit of a hassle. many clicks/drags each week. tbh, even as a developer, i've lost a few articles due to my own upgrading in the past because i simply forgot to backup before making a 'minor' change (that happened to wipe out the db as a side effect), so i'll put it on my todo list to find/create an automated php app to do this for you, resulting in one large zip (with database zips and directory structures inside) to download instead of many smaller zips. once done i'll put it in my signature as a cheap offer; it won't cost you more than $25 including installation & explanation of use.
it will be able to handle any number of sites on the same server. Edit: cpanel (which i don't use) has an easy option to do full backups. just go to "backups" and make a full backup. here is a 2006 PHP snippet that can apparently do it for you, so my solution will be for those without cpanel.
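An added example, not part of the original post and not the PHP app or snippet it mentions: the weekly routine above as a POSIX shell function that writes a dated "major" backup and keeps only the newest few. The function names, the `DB_NAME` variable and the use of `mysqldump` with credentials in `~/.my.cnf` are assumptions.

```sh
# Added example: dated "major" backups with rotation (POSIX sh).
# Assumptions: all paths are placeholders; DB_NAME, if set, names a MySQL
# database that mysqldump can reach using credentials from ~/.my.cnf.

# backup_site SITE_DIR BACKUP_ROOT [KEEP] [DATE]  -> prints the new directory
backup_site() {
    site=$1; root=$2; keep=${3:-5}; day=${4:-$(date +%Y-%m-%d)}
    dest="$root/$day"
    name=$(basename "$site")
    mkdir -p "$dest" || return 1
    # Archive the complete document root (public_html / htdocs).
    tar -czf "$dest/$name.tar.gz" -C "$(dirname "$site")" "$name" || return 1
    # Dump the database next to it when one is configured.
    if [ -n "${DB_NAME:-}" ] && command -v mysqldump >/dev/null 2>&1; then
        mysqldump --single-transaction "$DB_NAME" > "$dest/$DB_NAME.sql" || return 1
    fi
    prune_backups "$root" "$keep"
    echo "$dest"
}

# prune_backups BACKUP_ROOT KEEP
# Only directories named exactly YYYY-MM-DD count as major backups; they
# sort chronologically, so everything after the newest KEEP is removed.
# "YYYY-MM-DD HH-MI" minor backups do not match and are left alone.
prune_backups() {
    ls -1 "$1" | grep -E '^[0-9]{4}-[0-9]{2}-[0-9]{2}$' | sort -r |
        tail -n +"$(( $2 + 1 ))" |
        while IFS= read -r old; do
            rm -rf -- "$1/$old"
        done
}
```

Point `BACKUP_ROOT` at storage outside the web root, and copy the newest directories to a drive kept elsewhere as the post recommends.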