hacked by hacker

my site antidumping.com.au is also down.

There are some residual pages from my last provider so I assume it is an attack on wordpress formats (I bought striking)

Easy to fix…not so sure about preventing it. I had 3 sites hacked on Hostpapa. The solution for me was to upload a new blank index.html in the root and the re-upload the theme’s header.php. Fixed it right away. Both of those files had been overwritten by the hack.

Then it can be quite certain that the hack is done through exploit in the theme. Probably you can provide what is the theme name you are using that other site which may uses the same theme as you host on the same web hoster.

Ah help me, please! I just deleted the infected theme header.php file…where do I find a new, clean one? My site looks completely messed up now. I didn’t have a backup of that file. Does that mean I can never return the site its original look/state??

@sbock3: download a fresh copy of your theme and unzip it.

I’ve been hacked as well.

I can’t access the dashboard via https://www.mywebsite.com/wp-admin

I’m also using Hostpapa. And the index files have been modified(yesterday). My theme was a slightly modified ‘twenty ten’.

How do I gain access to the dashboard? Should I simply replace the index?

I replaced the modified index and header file with a back up.The website is up.. But I still can’t access the dashboard..?
I went to ‘forgot password’ but it state my email isn’t on file… neither is my user name..
What is the dashboard linked to? is it linked to my files on my server or doesn’t www.remarpro.com maintain that information?

@mrnra420: As per the Forum Welcome, please post your own topic. Your problem – despite any similarity in symptoms – is likely to be completely different.

I got a suspected attack on my site as well this morning. You can refer to the image which the attacker is focus on timthumb.

Here is a good explaination for the timthumb attack and mass infection.

NONE of the sites I cleaned yesterday with the “Hacked by Hacker” had Timthumb vulnerabilities ..

That’s because these are not the same hacks. Please, people, post your own topics.

Who me?

Yes. Everyone but the original poster. Every one of these hacks could be quite different.

In answer to my ticket from Host Papa here is what they say:

Hello,

Your hosting account has been exploited/hacked, most likely due to an outdated script on your account. The hack has compromised all of your files and your account must be either restored from a backup or reset completely. Either of these actions will clear out any potentially harmful things like viruses or malware that may have been uploaded.

If you have a full backup made with the Backup Wizard from cPanel, please upload this file to your account. Let us know the name of the file and where we can find it. We will restore the backup for you.

If you have a partial backup or a backup file made some other way, you will need to restore the backup yourself.

If you do not have a backup file, you will need to reset your account. Unfortunately, you will lose ALL data including website files, email addresses and databases. As this is a destructive process, we need you to provide us with some information before we proceed.

1. Please provide the appropriate security verification information:
———————————————————————————————————–
The last four digits of the number on the front of the credit card we have on file for you:
———————————————————————————————————–
If there is no credit card on file, please provide your zip/postal code and original cPanel password:
———————————————————————————————————–
2. Please put YES next to each of the following to indicate you understand what will happen with your account:
——————————————————————-
I understand all website files will be deleted:
——————————————————————-
I understand all email messages and addresses will be deleted:
——————————————————————-
I understand all addon domains/subdomains will be deleted:
——————————————————————-
I understand all databases will be deleted:
——————————————————————-

Once we have your reply, we will proceed with resetting your account.

So, that’s pretty clear. As I said earlier I am new to this and did not back up properly. It would seem that I will lose all my files. Too bad. All that work gone. Wish there was a better way.

stuzphotography:
1. That’s the easy answer for Hostpapa
2. They clearly had issues that night which resulted in many many websites getting hacked all at once – across multiple accounts. My chats with their support team confirmed this to some degree. But it still could be an outdated script … this ones a mystery since Hostpapa won’t release log files or tell anyone what exactly happened.
3. So you should push back a bit – let them know you were not the only one that night and it’s crazy they don’t have a backup for you.
4. Before you delete everything make a backup of your current files and database from Cpanel / PHMySQL and FTP. Because the hack only modified a few files most of your data is intact and could be saved.
5. The Hack Repair Guy who posted earlier in the thread could prob get you back up and running without a full account reset or getting HostPapa involved.
6. This response from HostPapa is probably a good reason to look elsewhere for hosting at some point. I know I will be.