Group Admins

WordPress Troubleshooting and Support

Public Group active 8 months, 3 weeks ago ago

WordPress support from our community

Hacked…and questions

Tagged: , ,

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • February 3, 2012 at 6:37 pm #1365
    dianeb
    Participant

    Hi one and all.

    I have a hacked site with 2 backups also hacked. (this is a new site still under Maintenance Mode–not public–so not a lot of backups yet).

    I watched DK Smith’s presentation. Did some of those security things prior to attack but not all of them. But now it’s a little too late. Now I need to get this JUNK out of the database.

    I followed Joley’s suggestion and tried the Exploit Scanner plugin. It shows tons of stuff. Too much really.

    I tried a scan at securi.net which shows nothing I also did a Malware scan via BackupBuddy. Again: nothing. But there’s clearly lots of bad code in database. Mostly in options table I think.

    I am using twentyten and the newest WP (although it was one version back when I began). I have these plugins to help client edit: Advanced Custom Fields, NextGen gallery w/ Fancybox, Divup. Also in use: BackupBuddy, widget logic, all-in-one-SEO, Maintenance Mode.

    Do I need to start over? Is there anyone to call for help?

    aaaaaack.

    /d

    February 3, 2012 at 9:38 pm #2330
    dianeb
    Participant

    Postscript: even worse, I think. Given my problem, I decided to just remake the whole site. I set up the newest WP on MAMP to begin process. Just for the sake of learning, I decided to look at the database before going any further after the WP install to see what a virgin database looked like. Sadly, it is already full of stuff. scrambled links to dubious sites in China, and plenty more I can’t decipher etc etc.

    So…do I surmise that the malware is on my computer and that it’s setting up all this junk everywhere I turn?

    February 3, 2012 at 9:51 pm #2331
    Steve
    Keymaster

    @dianeb– I recommend you do a full virus/malware scan of your local machine.

    February 5, 2012 at 2:29 am #2332
    dianeb
    Participant

    Ok. I learned a lot since yesterday.

    Scanned my computer (thanks Steve B) and it’s ok. I panicked because I had one site definitely hacked and then looked at the databases of my other client sites and saw lots of junk in their databases….but these were ok.

    Finally I realized that the WP Other News and WP Blog pour tons of crap into my database. Why do they do that? (well that’s another conversation). Then learned how to turn that off. Now it’s easier to see when there’s something amiss.

    I’m just about back in order. New database. Used the export/import tool. New/fresh plugins and themes. Custom table prefixes. etc.

    Now, I’m about to put some security plugins in place. Not sure which yet. Recommendations….(?)

    Whew.

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.