Past 24 hours my site (wp hosted blog) has been hacked and shows some black screen with note that i have been hacked. pls help, what shall i do. site: www.techproductivity.com
Some Script Installed in my pc, Beware, I thinks something misshap ............... Plz make sure before opening the page.
I got a virus as soon as i opened it in IE but was detected by my antivirus. is there no other way than getting fresh WP again on site (its got lots of good posts). how the fuck he did that?
I didn't detect any virus, maybe I am using Fire Fox I guess it would be dangerous to use any of the old files again, you may try manually copying all the posts over.
Probably exploited an old outdated and vulnerable version of WordPress. Upgrade to the latest version. Then, also inspect each and every one of your pages manually on the server. If the content is in a database, you'll have to inspect the database. I've seen in a post at the StopBadware Google Group that it's possible to do this somehow doing a search of your posts using the WP admin panel. (Can't confirm it, as I've never used WP.) Otherwise you'd need to do it in phpmyadmin or equivalent. A common WP hack involved injection of iframes with "wp-stats" in the target URL. I think that wp-stats hack was one of the ones that installed the JS_PSYME virus, which is what your site has. If that's it, you'll need to search all your pages for "wp-stats" and manually delete all the malicious iframe injections. Or if it turns out it isn't wp-stats, you'll need to clean the pages of whatever it is. Keep WP up to date. When an upgrade comes out, install it immediately.