Jump to content

Archived

This topic is now archived and is closed to further replies.

rijans

My site is hacked

Recommended Posts

rijans

Myanmar is against Bangladesh and as a result, my site fallen victim of hackers from Myanmar.

 

Right now I only have access to cpanel. wp admin and site isn't working.

 

Is there any way to backup my DMS edits, customs css, custom templates to take backup from cpanel?

 

techgainer.com


.....Being a code noob, I want highest control as much as possible! What a mismatch! ......

.......Feeling Rockstar with DMS! .......

....I believe there's nothing like DMS....

Share this post


Link to post
Share on other sites
Danny

Hi,

 

Your host should have a backup before you were hacked. However, the danger of using a backup is that how you got hacked may still be present, you will need to speak to your host and also ask them how you was hacked.


Please search our forums, before posting!

Share this post


Link to post
Share on other sites
rijans

They saying this all my fault :( . However the last backup is 3 days old :(

 

Gonna use that backup. and moved all current files to a locked folder. Any suggestion to get back any previous DMS data?? badly needed as I done many customizations since the last backup


.....Being a code noob, I want highest control as much as possible! What a mismatch! ......

.......Feeling Rockstar with DMS! .......

....I believe there's nothing like DMS....

Share this post


Link to post
Share on other sites
Danny

How can a site being hacked be your fault ?

The only way your site being hacked can be your fault is by you doing one or more of the following:

 

1. Use out of date versions of WordPress, plugin(s) and theme.

2. Use bad plugins i.e. ones that are not on the WordPress plugin repository or from an external website that isn't trusted.

3. Use pirated themes or plugins

4. Using your own code that isn't valid or secure.

5. Use insecure password for example; 123456, password etc..

6. You manage your own server.

 

If you have not executed any of the following, then it is related to your host. For your host to even say that it is your fault, is rather concerning. I would recommend you switch host such as FlyWheel, Linode or Digital Ocean.


Please search our forums, before posting!

Share this post


Link to post
Share on other sites
batman

HI rijans
Are you using this plugin "Quotes Collection" ?

Like Danny wrote this is a out of date version plugin

http://screencast.com/t/nVM7hDQBRwM

:(


Life is too short to remove USB safely ...

Share this post


Link to post
Share on other sites
rijans

batman ya I'm using this. ok removing it.


.....Being a code noob, I want highest control as much as possible! What a mismatch! ......

.......Feeling Rockstar with DMS! .......

....I believe there's nothing like DMS....

Share this post


Link to post
Share on other sites
Keith Vaugh

As Danny pointed out above if you host keeps backups, you can implement a complete restore of database, themes and plugins. Then remove the older plugins. Also might be worth considering adding some security plugins to your site - wordfence and Better WP Security (iThemes Security)

Share this post


Link to post
Share on other sites
rijans

@Danny @batman @keithmagvacom

 

What they have done are all related to my cpanel. They have created 600 sub domains on my site where every subdomain had a page of their own and a php code to execute some commands across the host! My internal wordpress DB and files were good though. But when u load my site it shows their message, no matter it's subdomain, sub page or home!

 

1# Here's my home page/sub-page/posts looked like: http://www.screencast.com/t/5Qi1vcOg (it says it's done from Myanmar)

     Files used to render these: index.php https://drive.google.com/file/d/0B0vZboRb5S2OaWs4d2VSVmpVdlU/view?usp=sharing

                                                 x_x.htm   https://drive.google.com/file/d/0B0vZboRb5S2OVm5RSXZ6aERqSlU/view?usp=sharing

 

2# Here's their example of hosted killing machine on every subdomain: (OMG!) http://www.screencast.com/t/xxpRkLh9hiuU

     Source file: https://drive.google.com/file/d/0B0vZboRb5S2OYUxua3VGRW8yMms/view?usp=sharing

 

## Here's the man who hacked looks like: (yes it's his fb profile I found in his scripts) https://www.facebook.com/zayartun.pro/ ; He is posting to his facebook whenever he hacks any site. look there !

 

Thanks guys. Any idea how he done all these??

 

 

 

 


.....Being a code noob, I want highest control as much as possible! What a mismatch! ......

.......Feeling Rockstar with DMS! .......

....I believe there's nothing like DMS....

Share this post


Link to post
Share on other sites
Danny

No idea, you need to speak to your host, as they should be able to investigate it.


Please search our forums, before posting!

Share this post


Link to post
Share on other sites

×