Wordpress Themes - WP Forum at BFA
There will be no more development for Atahualpa (or any other theme), and no support. Also no new registrations. I turned off the donation system. I may turn the forum to read only if it gets abused for spam. Unfortunately I have no time for the forum or the themes. Thanks a lot to the people who helped in all these years, especially Larry and of course: Paul. Take care and stay healthy -- Flynn, Atahualpa developer, Sep 2021

Wordpress Themes - WP Forum at BFA » WordPress Themes » Atahualpa 3 Wordpress theme »

My site got hacked - please help


  #1  
Old Sep 22, 2011, 07:41 AM
rinoa3108
 
53 posts · Apr 2009
My site got hacked and it is looks like i am unable to get into the dashboard with this URL:
www.blueginger.com.au/wp-admin

Is there another way to get to the dashboard? This is the first time i have been hacked so any help/info would be much appreciated.
  #2  
Old Sep 22, 2011, 08:43 AM
juggledad's Avatar
juggledad
 
23,765 posts · Mar 2009
OSX 10.11.5 WP 4.x Atahualpa(all) Safari, Firefox, Chrome
look at the site and see if there is a 'index.html' file in the wordpress root - if so, rename it to index.old and see if you can get in.

I would change all FTP passwords for your site and the cPanel password
Next I would use FTP to manually reinstall a copy of ALL the wordpress files except the wp-contents folder

I would then go thru the wp-contents folder and replace every plug in and install a fresh copy of Atahualpa (save your header images first)

That would be my starting point. -

Do you have a database backup?
__________________
"Tell me and I forget, teach me and I may remember, involve me and I learn." - Benjamin Franklin
Juggledad | Forum Moderator/Support
  #3  
Old Sep 22, 2011, 09:38 PM
rinoa3108
 
53 posts · Apr 2009
I have a version of the site at www.blueginger.judyly.com.au
Would it be possible for the URL to be redirected to here while i work on the real site?
  #4  
Old Sep 23, 2011, 04:09 AM
juggledad's Avatar
juggledad
 
23,765 posts · Mar 2009
OSX 10.11.5 WP 4.x Atahualpa(all) Safari, Firefox, Chrome
you can create a file and put this in it
HTML Code:
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title>
    </title>
    <meta http-equiv="refresh" content="0;url=http://yourdomainname.com/" />
  </head>
  <body>
  </body>
</html>
then put it in the wordpress root older and call it 'index.html'

if it doesn't work, rename 'index.php' to 'index old.php' and see if it works then

p.s. you must have mis-spelled the URL since it gets a 'not found'
__________________
"Tell me and I forget, teach me and I may remember, involve me and I learn." - Benjamin Franklin
Juggledad | Forum Moderator/Support
  #5  
Old Sep 27, 2011, 08:21 AM
rinoa3108
 
53 posts · Apr 2009
Thank you so much - It works now. The above link is supposed to be www.blueginger.judyly.com

I have gone to www.barasia.com.au though and Firefox says that the site is deemed as an attack page and so it blocked me from viewing it. Both blueginger.com.au and barasia.com.au have the same web host. Do you think this site got hacked into as well?
  #6  
Old Sep 27, 2011, 10:02 AM
juggledad's Avatar
juggledad
 
23,765 posts · Mar 2009
OSX 10.11.5 WP 4.x Atahualpa(all) Safari, Firefox, Chrome
I would suspect that it was hacked as well. Do a google search with 'wordpress what to do if your site is hacked' and read up on what you should be doing.

This is a painful thing and I wish you luck in getting it corrected. You should contact your host to see if anyone else was hacked and see what they can do to help you
__________________
"Tell me and I forget, teach me and I may remember, involve me and I learn." - Benjamin Franklin
Juggledad | Forum Moderator/Support
  #7  
Old Sep 30, 2011, 11:58 AM
rickheck
 
139 posts · Oct 2009
I'd agree the de-hacking is not fun, but not too hard. See blog post here: http://digitalchoke.com/digitalchokeblog/?p=415 on what I did to fix a couple of sites that got hacked with the tim-thumb hack (in one case, it was the 'Related Posts" plugin that was the entry point).

If you have mutliple sites on your host, then you need to check all of the content/sites.

Once you can get into the Admin dashboard, do a re-install of the latest WP version to fix any related problems. Then do the other things in my post.

Good luck! ....Rick...
  #8  
Old Oct 10, 2011, 04:55 AM
rinoa3108
 
53 posts · Apr 2009
Thanks for the information.

Am i able to fix barasia.com.au with the information provided in this thread for blueginger.com.au?
If so, I am trying to get into the dashbord by looking for index.html at the wordpress root but am not able to find it. I then renamed index.php to index.old and it still didnt work.

I have a copy of the website at www.barasia.judyly.com
Because i have a copy, should i replace all the wordpress files with the ones in this copy?
  #9  
Old Oct 10, 2011, 06:00 AM
rinoa3108
 
53 posts · Apr 2009
I have created the html file at the root wordpress directory so it directs to www.barasia.judyly.com
I tried replacing the wp-config.php and index.php files with the ones at the copy site (barasia.judyly.com) but it came up with "error establishing a database connection" page. I realised that i need to replace the database information with the same one at the real website. I did that but the site still came up with "error establishing a database connection". Am i doing this right? Am i going along the right direction?
  #10  
Old Oct 10, 2011, 06:31 AM
juggledad's Avatar
juggledad
 
23,765 posts · Mar 2009
OSX 10.11.5 WP 4.x Atahualpa(all) Safari, Firefox, Chrome
If you can't get into a site because the theme is messed up, you can rename the index.php IN THE THEME FOLDER.

There should be no index.html in the wordpress root folder, but there is an index.php - this is what starts wordpress

wp-config.php contains the
database name
the database user and password
If you copy an wp-config.php from one site to another, you must make sure you have changed these three items to pint at the new database and user.
__________________
"Tell me and I forget, teach me and I may remember, involve me and I learn." - Benjamin Franklin
Juggledad | Forum Moderator/Support
  #11  
Old Oct 10, 2011, 07:41 AM
rinoa3108
 
53 posts · Apr 2009
Thanks for the information, Juggledad.

I have used your html code to produce an index.html to direct it to the copy site for now.

When i try to go into:
www.barasia.com.au/wp-admin
It comes up with "Error establishing a database connection" page.

I have replaced the database information (database name, user name and password) in the wp-config.php to the same info at the host server, so i am puzzled as to why the error is coming up.
  #12  
Old Oct 10, 2011, 08:12 AM
juggledad's Avatar
juggledad
 
23,765 posts · Mar 2009
OSX 10.11.5 WP 4.x Atahualpa(all) Safari, Firefox, Chrome
Quote:
It comes up with "Error establishing a database connection" page.
this means that the database name, userid or password is wrong
__________________
"Tell me and I forget, teach me and I may remember, involve me and I learn." - Benjamin Franklin
Juggledad | Forum Moderator/Support
  #13  
Old Oct 16, 2011, 12:53 AM
rinoa3108
 
53 posts · Apr 2009
Hi Juggledad,

with www.barasia.com.au:
The error message doesnt appear anymore, so I think i have fixed the database issue. I have gone to the copy site and exported the database. Then i emptied the one on the live host and imported it into there.

When i go into www.barasia.com.au/wp-admin i get the attack page warning, but when i choose to ignore it i can see the Wordpress log in page. I am now however unsuccessful in logging in with the password.

I have tried the instructions at this page:

http://codex.wordpress.org/Resetting_Your_Password

I have tried the myphpadmin way, ftp way and automatic emailer (i dont get an email to retrieve the password in my email) and have been unsuccessful. I dont want to use the last option (Emergency password reset script) because it sounds like i may not be at the techinical level to fix it, if it stuffs up.

I think with your redirect html file you suggested it is still going to the copy site so i can buy some time to fix this.

Im not quite sure what to do now. Are you able to help at this stage? Many thanks.
  #14  
Old Oct 16, 2011, 11:13 AM
juggledad's Avatar
juggledad
 
23,765 posts · Mar 2009
OSX 10.11.5 WP 4.x Atahualpa(all) Safari, Firefox, Chrome
www.barasia.com.au still pops up the warning for me but if I ignore it I go to http://barasia.judyly.com

If you have exported barasia.judyly.com and plan on importing it to www.barasia.com.au you will run into an issue because once you do the import, the site will be barasia.judyly.com not www.barasia.com.au (all the internal links etc.

When moving an export from one domain name to another there a couple things that must be done. There is a writeup in the WordPress documentation that explains this. Before proceeding, you really need to find it, read it and understand it.

If this is over your head, you really should hire someone to do it for you.
__________________
"Tell me and I forget, teach me and I may remember, involve me and I learn." - Benjamin Franklin
Juggledad | Forum Moderator/Support
  #15  
Old Oct 27, 2011, 12:09 AM
rinoa3108
 
53 posts · Apr 2009
Hi Juggledad,
For the mean time i have created the html file you gave me to redirect to www.barasia.judyly.com. The html file is there and it seemed to redirect on the night i created it. Now it seems to show the attack page again. Do you know why it is doing this and is there a way around it so i can get the redirected site to show while this is being fixed?

I have followed your instructions to replace all the Wordpress files via FTP. I have exported the database from barasia.judyly.com, opened it in Textedit and renamed all the links from www.barasia.judyly.com to www.barasia.com.au. At barasia.com.au i have deleted the old database and created a new one and uploaded the new one, then gone into wp-config.php and updated the database details. With this done i am now able to access the dashboard, but the page still says it is an attack page. Any ideas on what to do from here? I do have some knowledge of getting around. Thanks a million.
  #16  
Old Oct 27, 2011, 05:23 AM
juggledad's Avatar
juggledad
 
23,765 posts · Mar 2009
OSX 10.11.5 WP 4.x Atahualpa(all) Safari, Firefox, Chrome
well if you have cleaned everything up, did you read the 'attack' page and follow the directions google tells you about?
__________________
"Tell me and I forget, teach me and I may remember, involve me and I learn." - Benjamin Franklin
Juggledad | Forum Moderator/Support

Bookmarks

Tags
hack, hacked, hacker, site

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Similar Threads
Thread Thread Starter Forum Replies Last Post
Hacked? Google links to medicine sites / my site Craig Atkinson Atahualpa 3 Wordpress theme 3 Jun 25, 2011 08:21 PM
[SOLVED] My Atahualpa-powered site hacked, redirects elsewhere bswb97 Atahualpa 3 Wordpress theme 2 Nov 27, 2010 12:19 PM
My site has been hacked - atahualpa 3.4.6 Mikii New Versions, & Updating 11 Jun 17, 2010 10:09 PM
hacked? rachkitty Atahualpa 3 Wordpress theme 3 May 6, 2009 12:52 PM
{Can this theme get hacked? djmom70 Atahualpa 3 Wordpress theme 7 Mar 25, 2009 07:54 PM


All times are GMT -6. The time now is 05:21 PM.


Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.