My website has been hacked, how to repair it?

My website http://88design.org/ has been hacked, the hacker inserted malware to my database. My database is store in .gz format, what is the tool to open and way to repair .gz file?

 

.gz would appear to be gzip files. Go here to get a tool for your OS

www.gzip.org

HTML:

. Although I suspect you'll need something else to view the extracted database files

 

You could easily just recover from your backup instead of fixing the injected database.

 

try to check the source code too, hacker can put their backdoor to your source code

 

I really not understand, how those hacker can be so easy to injected malware database. This is my first time setup wordpress, I never backup it.....I think i have to resetup the entire site. By the way, does anyone found a software or tool to repair database? repair database is painful process.

 

When you state repair, are you saying it is corrupted or just to get all of the malware out?

There are many ways to fix a database, but need to now more than what you are providing.

 

I need to get all of the malware out, is it hardly to trace which are the part impacted?

 

All you need to do is to upload your backup website files. Since it was impossible for the hacker to destroy your backups, they are ready to go. You should be able to upload them in a few minutes and have all problems solved except the one about HOW the hacker managed to hack the site in the first place.

If anyone ever hacks my site, I can have all 5000+ pages uploaded and working in less than 4 hours on a dialup. You should be able to do yours in less than 5 minutes.

 

Mmerlin, I like you sig, but there also exist careless readers too.
He said he doesn't have a backup.


Lol, just kiddin
Op if you're on shared hosting I'm definitely sure that there is a backup.

 

I quoted his problem EXACTLY as he stated it. It is not my fault his problem is something other than what he stated. Yes, I read all the posts before answering, but chose to answer his ORIGINAL question as originally stated.

I did this MAINLY to point out that anyone that has no backups needs to learn to backup EVERYTHING one or more times. I have hundreds of backups of computer code (HTML, Basic, FoxPro, Machine, Assembly, Javascript, etc) should anything happen to the current code. I may lose a little information, but I will never lose all. I learned this the hard way years ago. One time I totally lost my current code and the four previous backups. Fortunately, I had one more older backup, so was able to recover over 95% of my code.

 

Thanks for all replied, I have temporary shut down my site. I will rebuild a brand new site, future I will create a backup copy.

I am very appreaciate those member promt me to offer help, either free help or service charge help. By the way, does you are have wordpress security issue? recently I just heard lot of negative news from wordpress. I like wordpress feature, but also worry on security part.

 

Wordpress is popular, so a lot of hackers try to hack it. Every time someone does, a new version comes out very quickly with that security hole patched.

If you use a popular program, it gets hacked. If you want one that almost no one will waste time trying to hack you have to write it yourself. (That's why Windows gets hacked so often, but Mac OS doesn't.)

 

Do you think those open source code is easier to get hack? why the same thing does not happen to drupal and joomla? is it they less popular?

 

Wordpress is one particular program. Joomla and Drupal are libraries you can use to write websites. It's no easier to hack into a site that uses Joomla or Drupal than to hack into one that was written by hand. So there's no "popular Joomla site", because each site that uses Joomla is different. Wordpress sites all use the same program - Wordpress.

It's like the difference between a bucket of words and a book. Libraries are just buckets of words - you can put them in any order you want.

 

Wordpress gets hacked because there are a lot of poor programming practices that go into wordpress and the various modules written for it.

For example, a web server should NEVER have write permission to a directory it serves. That's standard security 101.
Wordpress developers seem to ignore that.

Secondly, administrative login should NEVER be allowed over a non secure connection. Any administrative login should be done over https and administrative sessions should also be over https. Many user accounts are hacked by session theft, especially with the popularity of open wireless networks. If your login and session is over standard http, anyone on your subnet can read your cookie and steal your session ID. Yet every single WP site I have ever worked with has ignored this and does login / standard administration over standard http. If you really can't afford a signed SSL cert, then self sign one, it's better than nothing.

As far as why Windows gets hacked so often, I'm a Linux advocate but the vast majority of recent cases I know of where a windows box was hacked, it was usually the result of poor system administration skills. Too many people out there who do not really know what they are doing, or maybe they do but are lazy.

 

But backup may not contain latest changes of the site

 

@AliceWonder:
All true. But WordPress isn't GM's bank account. If a WP site is properly backed up, a hack is 10 minutes of annoyance. Anyone using WP for mission-critical or financial-critical data is someone who leaves a full wallet on a park bench in a foreign city - and expects someone to fly over to return it.

@lead2play:
That's up to the site owner, but less than daily backups are foolish.

Bottom line? You set your security as low as a) you need it to be, b) you can afford it to be and c) your paranoia allows you to. One size definitely doesn't fit all.

 

First of all it has nothing to do with coding, 2end of all any site is vnul to a hacker depends on hackers intentions and interest. 9 out of 10 times hacker will target specific site for few reasons.

1. For personal Gain
2. For revenge
3. To put drive by on your site.
4. To put iframe on your site.
5. You were just unlucky to be picked up by google spider when specific exploit has been published.


Thats why its always best to remove version you running on site as most exploits are written for specific version of the forum/blog if you remove version you using hacker will have loads harder time to get in to your server.


Main things you need to watch out for is phishers ( you can gogole up what that means it's most common ways of hacking admins that don't know about it )


I have had a look at your server very breafly and only thing I found was TRACE method is enabled and what that means is this. "Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data. "

Easy fix
Disable TRACE Method on the web server.



I have not had deeper look on your server to tell you all the issues you have there. But if you like some more info about securing your server send me a PM and I will send you over my forum link where you can learn about server side security or web based security. After all that's what me and my team specialize.

Good luck with your website.

 

I've used this service - http://nopasara.com/hacked-website-repair/ - cost a couple hundred bucks but now they protect all my websites, so... do the math. Rock-solid and happy as a dog now.

 

Normally, I would agree that running logins (admin) over non-secure locations is bad, but this is a WP-site. Running the admin-login (or any login, since most logins to the admin part is exactly that - admins) over https seem to me to be something a bit of overkill. The better suggestion would be to not do this via open-wifi or similar - I'm assuming now that your home and work/student network is secure to some extent.

However - WordPress as a basis is quite secure enough - the problem is that it's not made for security - as others have stated, write-access (but then again, almost all webservers gives PHP or other running services write-access to the webroot, simply because there are so many things that often needs to be written to a webserver), and non-secure logins, but the worst bit is all the different plugins. WordPress itself has a relatively competent developer suite running it, while plugins are often coded by one person, and therefore might not be up to scratch on security at all. If you don't personally go in and check every plugin you're running (the actual code), etc. you might leave your site open for attacks.

However - the OP states his database has been hacked - that might not have anything to do with WordPress at all. Is he running an old version of PHPMyAdmin, perhaps? Is there security holes in the code (not WP necessarily)? Is the webserver and mysql updated? There are a lot of different attack vectors available, and there are quite a lot of ready-made tools one can use to check for possible exploits.