Hi one and all.
I have a hacked site with 2 backups also hacked. (this is a new site still under Maintenance Mode–not public–so not a lot of backups yet).
I watched DK Smith’s presentation. Did some of those security things prior to attack but not all of them. But now it’s a little too late. Now I need to get this JUNK out of the database.
I followed Joley’s suggestion and tried the Exploit Scanner plugin. It shows tons of stuff. Too much really.
I tried a scan at securi.net which shows nothing I also did a Malware scan via BackupBuddy. Again: nothing. But there’s clearly lots of bad code in database. Mostly in options table I think.
I am using twentyten and the newest WP (although it was one version back when I began). I have these plugins to help client edit: Advanced Custom Fields, NextGen gallery w/ Fancybox, Divup. Also in use: BackupBuddy, widget logic, all-in-one-SEO, Maintenance Mode.
Do I need to start over? Is there anyone to call for help?
aaaaaack.
/d