Blog name changed but scan finds no problems

  • Resolved mikewale4

    (@mikewale4)


    6 years, 3 months ago

    This morning I got a regular database backup but the subject line was suspicious:

    Hacked By THE-DON Database Backup

    rather than the name of the site. I visited the site and noticed only the Title on the title bar being defaced. I ran a new scan and nothing was found. I looked for “suspicious” files in the folders and did not notice any. Then I looked at the database and noticed that the wp-options table had the blog name field altered to “Hacked By THE-DON ” I changed that to the proper name of the company and I do not see any other marks.

    How concerned should I be? Wordfence did not give any alerts as to a login and this site has two admin level users and they are both my accounts. There is no new user added. Is this some kind of injection of data without actually entering the dashboard?

    Cemal

    • This topic was modified 6 years, 3 months ago by mikewale4.

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter mikewale4

    (@mikewale4)

    Hi @mikewale4,

    Is it possible that attackers gained FTP or SSH access to your host?

    Here’s the list of things I would do:

    If you have SSH access to your host

    1. Login to your host
    2. Use the last command to see the list of IPs that logged in
    3. Compare the IPs to your own IP

    If you don’t have SSH access

    1. Ask your host provider is there was any different IPs that logged into your host

    Clean up

    1. Completely wipe and reinstall the host’s operating system
    2. Reinstall WordPress/Wordfence
    3. Reinstall other plugins

    Dave

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Blog name changed but scan finds no problems’ is closed to new replies.

Tags