Help me ! My site is totally HACKED !

Discussion in 'Security' started by techdomain, May 26, 2008.

  1. #1
    Past 24 hours my site (wp hosted blog) has been hacked and shows some black screen with note that i have been hacked. pls help, what shall i do.

    site: www.techproductivity.com
     
    techdomain, May 26, 2008 IP
  2. wisdomtool

    wisdomtool Moderator Staff

    Messages:
    15,825
    Likes Received:
    1,367
    Best Answers:
    1
    Trophy Points:
    455
    #2
    Just delete the site and do a complete new one, install the latest WP.
     
    wisdomtool, May 26, 2008 IP
  3. connell

    connell Peon

    Messages:
    1
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Some Script Installed in my pc, Beware, I thinks something misshap ............... Plz make sure before opening the page.
     
    connell, May 26, 2008 IP
  4. techdomain

    techdomain Well-Known Member

    Messages:
    146
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    103
    #4
    I got a virus as soon as i opened it in IE but was detected by my antivirus. is there no other way than getting fresh WP again on site (its got lots of good posts). how the fuck he did that?
     
    techdomain, May 26, 2008 IP
    chandan123 likes this.
  5. wisdomtool

    wisdomtool Moderator Staff

    Messages:
    15,825
    Likes Received:
    1,367
    Best Answers:
    1
    Trophy Points:
    455
    #5
    I didn't detect any virus, maybe I am using Fire Fox :)

    I guess it would be dangerous to use any of the old files again, you may try manually copying all the posts over.

     
    wisdomtool, May 26, 2008 IP
  6. firedragon

    firedragon Peon

    Messages:
    107
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #6
    My antivirus detect trojan downloader :D LoL
    "Help me ! My site is totally HACKED !". really?:p
     
    firedragon, May 26, 2008 IP
    chandan123 likes this.
  7. SteveWh

    SteveWh Member

    Messages:
    74
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    48
    #7
    Probably exploited an old outdated and vulnerable version of WordPress.

    Upgrade to the latest version. Then, also inspect each and every one of your pages manually on the server. If the content is in a database, you'll have to inspect the database. I've seen in a post at the StopBadware Google Group that it's possible to do this somehow doing a search of your posts using the WP admin panel. (Can't confirm it, as I've never used WP.) Otherwise you'd need to do it in phpmyadmin or equivalent.

    A common WP hack involved injection of iframes with "wp-stats" in the target URL. I think that wp-stats hack was one of the ones that installed the JS_PSYME virus, which is what your site has.

    If that's it, you'll need to search all your pages for "wp-stats" and manually delete all the malicious iframe injections. Or if it turns out it isn't wp-stats, you'll need to clean the pages of whatever it is.

    Keep WP up to date. When an upgrade comes out, install it immediately.
     
    SteveWh, May 26, 2008 IP
  8. stickycarrots

    stickycarrots Peon

    Messages:
    4,513
    Likes Received:
    115
    Best Answers:
    0
    Trophy Points:
    0
    #8
    there you go i fixed your site you will need to re upload the theme
     
    stickycarrots, May 28, 2008 IP