Malicious attack on our website

  • Dee Man

    (@mcilroyguitars)


    8 years, 2 months ago

    Hi all, our website host (123-reg) suspended our site due to malicious activity. They identified many corrupt malicious file / folders (all .php files). They advised that we delete these files via FTP (we use Filezilla). Having deleted these files, the website is no longer accessible, either by the public or by us in wp-admin.
    Any suggestions?
    Many thanks

Viewing 8 replies - 1 through 8 (of 8 total)
  • Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    Hi @mcilroyguitars, is the website no longer accessible from the suspension or another issue?

    Thread Starter Dee Man

    (@mcilroyguitars)

    Hi Andrew, the suspension has now been lifted but the website is no longer accessible, either to the public or to me via my wp-admin.

    Thread Starter Dee Man

    (@mcilroyguitars)

    My provider has responded with this .

    “Your site is in place but it appears that there are a few files missing. Your version.php and formatting.php files are missing from your wp-includes/ folder. Please replace these with any local backups or a new version of WordPress.”

    These are files they told me to delete because of malware, but how do I replace with original files?

    Thread Starter Dee Man

    (@mcilroyguitars)

    I have managed to upload and install the latest WordPress. So while I can now get access to my website there are many problems, so I’m having to rebuild. Problem now is that in WordPress Dashboard, many buttons don’t work. Too numerous to mention but things like, I can’t upload new media (the upload button doesn’t function), I can’t use media in my library as none of the show buttons function, I can’t customize appearance, etc.
    I didn’t uninstall the old version, should I have done that beforehand?

    Thread Starter Dee Man

    (@mcilroyguitars)

    Here’s an example of “Nothing working”.
    I log in to my Dashboard, click on “Appearance”. There are eight Themes (one is my own custom).
    If I click on any of the Themes, nothing happens. If I click on Theme Details, nothing happens. If I click on the blue Customise button, nothing happens.
    If I click on “Add New”, the Add Themes page is blank. Click on Featured, nothing happens. Click on Popular, nothing happens, etc.
    Navigate to Pages, Home Page, click on “set featured image”, nothing happens.
    Navigate to Media (there should be images there, but ther are none). Add new media, button doesn’t work. Try browser uploader, find media on computer, select and click Upload and I get this message (as I do when I try to edit script)

    “Warning: Cannot modify header information – headers already sent by (output started at /websites/123reg/LinuxPackage21/mc/il/ro/mcilroyguitars.co.uk/public_html/wp-content/themes/mcilroy/functions.php:1) in /websites/123reg/LinuxPackage21/mc/il/ro/mcilroyguitars.co.uk/public_html/wp-includes/pluggable.php on line 1174”
    Any suggestions?

    Hi @dee man

    I’m not quite sure if you’ve figured this out yet, but but it seems as if your theme is possibly corrupted. You don’t have to uninstalls the old version of core, you can rename /wp-admin and /wp-includes and do a manual upload as well. In fact, I’d probably recommend that.

    I would also see about switching out the theme, see if that helps.

    Here are a few links that you might find useful:

    https://sucuri.net/guides/how-to-clean-hacked-wordpress
    https://blog.sucuri.net/2012/07/website-malware-removal-wordpress-tips-tricks.html

    Let me know how it goes.

    Tony

    Thread Starter Dee Man

    (@mcilroyguitars)

    Thanks Tony
    I done a reinstall. Some things are still not working but other are. Working through it to get the bugs out.

    Ok, best of luck. Keep us posted.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Malicious attack on our website’ is closed to new replies.