begood Posted May 2, 2010 Report Posted May 2, 2010 Help I think I've been hacked So you've carefully installed WordPress, you've made it look exactly how you like with a decent theme, you've maybe installed some fancy plugins and you've crafted some fine posts and Pages. In short, you've put a lot of time and effort into your site. Then, one day, you load up your site in your browser, and find that it's not there, or it redirects to a porn site, or your site is full of adverts for performance-enhancing drugs. What do you do? Some steps to take Stay Calm You have to stay calm to be able to deal with this situation. The first step before you respond to any security incident is to calm yourself down to make sure you do not commit any mistakes. We are serious about it. Scan your local machine. Sometimes the malware was introduced through a compromised desktop system. Make sure you run a full anti-virus/malware scan on your local machine. Some viruses are good at detecting AV software and hiding from them. So maybe try a different one. This advice generally only applies to Windows systems. Check with your hosting provider. The hack may have affected more than just your site, especially if you are using shared hosting. It is worth checking with your hosting provider in case they are taking steps or need to. Your hosting provider might also be able to confirm if a hack is an actual hack or a loss of service, for example. Change your passwords. Change passwords for the blog users, your FTP and MySQL users. Change your secret keys. If they stole your password and are logged in to your blog, even if you change your password they will remain logged in. How? because their cookies are still valid. To disable them, you have to create a new set of secret keys. Visit the WordPress key generator to obtain a new random set of keys, then overwrite the values in your wp-config.php file with the new ones. Take a backup of what you have left. If your files and database are still there, consider backing them up so that you can investigate them later at leisure, or restore to them if your cleaning attempt fails. Be sure to label them as the hacked site backup, though... Read Donncha O Caoimh's guide on what to do. Donncha wrote a good article on what to do if you suspect a hack, it is well worth reading through and acting on, as it goes into more depth than this page. Read How to clean your hacked install and Removing malware from a Wordpress blog which explain in details some steps you might need to take. Check your .htaccess file for hacks. Hackers can use your .htaccess to redirect to malicious sites from your URL. Consider deleting everything. A sure way to remove hacks that currently exist, is to delete all the files from your web space, and clear out your WordPress database. Of course, if you do this, you would need backups to restore to, so ... Consider restoring a backup If you restore known, clean, backup of your WordPress Database, and refresh your WordPress, plugin and theme files through FTP, that will ensure all those bits are clean of malicious code. At the very least ... Replace the core WordPress files with ones from a freshly downloaded zip. Replacing all your core files will ensure nothing is left behind in them in a hacked state. Remember to replace plugins and theme files, too. Upgrade! Once you are clean, you should upgrade your WordPress installation to the latest software. Older versions are more prone to hacks than newer versions. Change the passwords again! Remember, you need to change the passwords for your site after making sure your site is clean. So if you only changed them when you discovered the hack, change them again now. Do a post-mortem. Once your site is recovered, check your site logs to see if you can discover how the hack took place. Open source tools like OSSEC can analyze your logs and point you where/how the attack happened.http://codex.wordpress.org/FAQ_My_site_was_hacked Quote
BigT Posted May 2, 2010 Report Posted May 2, 2010 Interesant si util. Mersi! Desi sper sa nu am nevoie de el ) Quote
